Linas Vepstas wrote:
> Sorry I used the word semaphore. Using pipes & shmem is hard. Well,
> using them is easy, using them and creating something that's extenisble,
> maintainble, lacks race conditions and other bugs ... that's a lot
> harder. If it's so easy, why didn't ssh do it years ago?
The hard stuff is to design your application so that it *can*
be separated into multiple protection domains. The actual
*implementation* of that separation via multiple processes
is easy (trivial in comparison).
Security is hard, and trying to implement some sort of framework
that will allow even inexperienced programmers to magically
only produce secure code strikes me as somewhat naive ;-)
> > One main point why just function calls are so much easier
> > to use than IPC is that you can pass pointers to complex
> > data structures back and forth. If you really implement
> > some sort of strict memory protection, that won't work
> > any more.
>
> Huh? why not?
Because those pointers will point to memory the callee
is not allowed to access?
> To define a library interface, traditionally, one defines some functin
> prototypes, and then writes the code to make them "do something".
> To pass data on a socket, you need to define the structure
> of the data passing through the socket. And you need to define
> at least two subroutines, one to pack the data into the pipe, one
> to pull it out.
Hm? read () and write () should do just fine ...
> OK, so there are tools that can automate a lot of this, such as RPC's
> and stub generators and IDL's, or you can code in Java or scheme or
> C# or some language that provides native support for this
> ("introspection", or ability to marshall/unmarshall itself). Or use
> .net so that you can be a stupid programmer creating incredibly complex
> systems. But these are all very complex mechanisms if your goal
> is merely to be a lowly library trying to prevent someone from meddling
> with your innards.
You need all this only if the data you send over the pipe is
supposed to be platform-independent. If you only communicate
locally between two processes guaranteed to run on the same
machine, just send the raw binary image of your data structures
over the pipe and you're done.
Bye,
Ulrich
--
Dr. Ulrich Weigand
[EMAIL PROTECTED]
