From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Joseph D. Wagner"
Subject: RE: Does sendfile() copy extended attributes?
Date: Sun, 21 Dec 2003 13:31:53 -0600
Sender: linux-fsdevel-owner@vger.kernel.org
Message-ID: <000001c3c7f9$16e052d0$0201a8c0@joe>
References: <20031221115028.GG3438@mail.shareable.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8BIT
Cc: "'maximilian attems'" ,
Return-path:
Received: from ssa8.serverconfig.com ([209.51.129.179]:52200 "EHLO ssa8.serverconfig.com") by vger.kernel.org with ESMTP id S263914AbTLUTby convert rfc822-to-8bit (ORCPT ); Sun, 21 Dec 2003 14:31:54 -0500
To: "'Jamie Lokier'"
In-Reply-To: <20031221115028.GG3438@mail.shareable.org>
List-Id: linux-fsdevel.vger.kernel.org

> I think you read what I wrote the wrong way. Let me rephrase it:
> How can you know that function does not call an external program to
> perform its action?

Again, sendfile() is a KERNEL function.

> There actually are a few functions in the C library which work by
> calling external programs - grantpt is one I think - and it's not
> mentioned in the manual page (because it's an implementation detail).
>
> Actually I agree with you that calling external programs is a big
> risk. It should be done carefully in security conscious code.
> However you are deluded to imagine that calling functions in the C
> library is automatically safe from those risks. That must be done
> carefully as well.

Thanks for the heads up. But a library function is at least SAFER -- not totally SAFE but SAFER than an external program -- right?

I view security as a process, not an end result. Minimizing the risk, not eliminating the risk altogether, is my goal; hence, the question about a library function call being safer than an external program.

Joseph D. Wagner