RE: [PATCH 01/33] libsepol: basic serilization support

[Karl MacMillan <kmacmillan@mentalrootkit.com>]

On Wed, 2007-04-25 at 11:52 -0400, Joshua Brindle wrote:
> > From: Karl MacMillan [mailto:kmacmillan@mentalrootkit.com] 

<snip>

> > > 
> > > How do you suppose we should serialize variables that are normally 
> > > size_t then? For example, a policy module is essentially a 
> > file that 
> > > gets sent across and has a length of size_t, all the policy module 
> > > functions (eg., sepol_load_policy, etc) use a size_t so we have to 
> > > serialize it and unserialize it in some way.
> > > 
> > 
> > You define the size as uint64_t or uint32_t and check for 
> > overflow everywhere you convert from size_t (or long for 
> > things like fseek).
> > 
> 
> *sigh* I must not be making myself clear. That's what we are doing.

No - it is about where you are doing the checking. This doesn't belong
in the generic layer because it obscures what the problem is. It belongs
at the call site that interprets the fields.

Offering to serialize size_t is not a good interface - it makes it look
like you are actually handling the problem when you are not. By forcing
all of the serialized data into fixed-width types you are bringing the
problem to the foreground.

That way the representation is always clear and valid and good error
messages can be generated.

Karl



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.