I agree,
but the basic construct is ( A=B ).
And if you can if only it would he a first step towards prevention. Its also
clear that it doesnt help it catches only one type of backdoor but i was
impressed enought to come forward to start a discussion.
one question remains: how to convince the maintainers to take patches that
fix (that kind of) bad style ?
walter
- - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - -
From: Matthew Wilcox <willy@xxxxxxxxxx>
Subject: Re: Re: RFC: linux backdoor prevention
Date: 11/10/03 14:16
On Mon, Nov 10, 2003 at 01:06:32PM +0100, Walter Harms wrote:
> i thing this should (also) go into 2.4.x as well bad style is bad style.
> the point is to convince the maintainers. But after this incident
> they will be willing to accept changes that improve readability.
> (perhaps: somebody can talk to linus to make a statement to remove
> that kind of code)
>
> The first step would to create a tools that find statemenst like
> if ( (A=b)<0 ). I have played with a grep pipeline and found only
> a few lines of code. perhaps somebody can make a tool that will show
> automaticly such kind of code.
the harder ones to remove are:
while (a = b) { ... }
and
for (a = 0; a = b; a++) { ... }
and
do { ... } while (a = b);
similar kinds of hidden assignments can be done with the comma operator or
in function calls:
int foo(int);
int a = 3, b = 4, c;
c = a, b;
foo(a = b);
These are all bad style, of course, but I don't think you're going to
be able to find them all with grep.
--
"It's not Hollywood. War is real, war is primarily not about defeat or
victory, it is about death. I've seen thousands and thousands of dead bodies.
Do you think I want to have an academic debate on this subject?" -- Robert Fisk
-------------------------------------------------------
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
|
