On Wed, 26 Jan 2005, Jesse Pollard wrote:
>
> And covering the possible unknown errors is a good way to add protection.
I heartily agree. The more we can do to make the inevitable bugs be less
likely to be security problems, the better off we are. Most of that ends
up being design - trying to avoid design decisions that just drive every
bug to be an inevitable security problem.
The biggest part of that is having nice interfaces. If you have good
interfaces, bugs are less likely to be problematic. For example, the
"seq_file" interfaces for /proc were written to clean up a lot of common
mistakes, so that the actual low-level code would be much simpler and not
have to worry about things like buffer sizes and page boundaries. I don't
know/remember if it actually fixed any security issues, but I'm confident
it made them less likely, just by making it _easier_ to write code that
doesn't have silly bounds problems.
Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
