Subject: Re: kauth and access to process credentials
To: Christos Zoulas <christos@astron.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-security
Date: 02/18/2007 15:13:39
On Sun, 18 Feb 2007 19:06:19 +0000 (UTC)
christos@astron.com (Christos Zoulas) wrote:
> The problem is that once the #defines or inlines exist in a header,
> users of the defines/inlines will include that header to get the
> definitions. At this point both the structure and the defines/inlines
> become visible to the users, and nobody can prevent the users from using
> the field members of the functions directly instead of going through
> the inlines.

"You can't make something foolproof because fools are so smart".
C isn't an object-oriented language where we can really hide that
stuff. All we can do is provide the proper interfaces, and shoot down
any patches that Do the Wrong Thing.

> There is an ugly way to prevent this, by using cpp macros to destroy
> the member definitions after the inline function is defined. E.g.
>
> struct foo {
> 	int foo_id;
> };
>
> static __inline int
> get_foo_id(const struct foo *p) {
> 	return p->foo_id;
> }
>
> #define foo_id error
>

I'm not sure if I should say "cool" or "ouch"!

--Steve Bellovin, http://www.cs.columbia.edu/~smb
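
The macro trick quoted above, worked through as an added example (not code from either poster or from NetBSD). `struct demo_cred`, its `dc_*` fields, the `demo_*` functions and the `DEMO_DIRECT_ACCESS` switch are hypothetical names; the example shows that initialization also has to go through an inline defined before the members are poisoned.

```c
#include <stdio.h>

/* ---- shared header (all names here are hypothetical) ---- */
struct demo_cred {
	unsigned int dc_uid;
	unsigned int dc_gid;
};

/* Every inline that touches a member must appear before the #defines. */
static inline void
demo_cred_init(struct demo_cred *c, unsigned int uid, unsigned int gid)
{
	c->dc_uid = uid;
	c->dc_gid = gid;
}

static inline unsigned int
demo_cred_uid(const struct demo_cred *c) { return c->dc_uid; }

static inline unsigned int
demo_cred_gid(const struct demo_cred *c) { return c->dc_gid; }

/*
 * Poison the member names. The replacement text names the accessor, so the
 * compiler's "no member named ..." error tells the caller what to use.
 * This rewrites every later dc_uid/dc_gid token (locals too), and a caller
 * can still #undef the macro, so it only catches accidental direct access.
 */
#define dc_uid dc_uid_is_private_use_demo_cred_uid
#define dc_gid dc_gid_is_private_use_demo_cred_gid

/* ---- consumer code that included the header ---- */
static int
demo_same_user(const struct demo_cred *a, const struct demo_cred *b)
{
#ifdef DEMO_DIRECT_ACCESS	/* build with -DDEMO_DIRECT_ACCESS to see the error */
	return a->dc_uid == b->dc_uid;
#else
	return demo_cred_uid(a) == demo_cred_uid(b);
#endif
}

int main(void)
{
	struct demo_cred a, b;	/* "= { .dc_uid = 0 }" would no longer compile */
	demo_cred_init(&a, 1000, 100);
	demo_cred_init(&b, 1000, 20);
	printf("same: %d, gid: %u\n", demo_same_user(&a, &b), demo_cred_gid(&b));
	return 0;
}
```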