[bind10-dev] Socket creator and low-level code

Michal 'vorner' Vaner michal.vaner at nic.cz
Fri Oct 15 14:07:48 UTC 2010


Hello

jinmei and I had a disagreement about the correct approach to a more secure socket
creator (which is what we want, as it is the only component that will need to
run as root, hopefully, therefore it is more important for it to be secure).

I wrote the code using only the OS-level API and C-like code (it is C++, but doesn't
use fancy wrappers around types, classes), without any libraries and so on. I did
this on purpose, because:
• Classes help keep big projects together, hide implementation details and
  stuff. But they make small programs more complicated.
• Each library, wrapper, etc. contains some code. More code means potentially
  more bugs (there's a saying that the average number of bugs depends only on the
  number of lines and it is linear). And it makes it harder to check all the
  code (if there's a paranoid admin who wants to read it herself, less code
  is better).

However, this approach means using pointers, which makes jinmei uneasy. I agree
that you can write a bug by using pointers, as much as you can do using anything
else, but only by using them the wrong way. I'm pretty sure my code is correct
regarding problems with pointers, but he says using pointers itself is a risk.

I suggest adding a comment with a proof that the use of pointers is correct and a
warning comment saying this code runs as the root user, to be extra careful (and
update the proof) if changing it. He suggests that we should use some kind of
library and avoid using naked pointers. Because these look like directly
opposing requirements (not using the low-level API and not using a library), we
would like to ask the rest of the team what they think and what the reasons are
for thinking so.

I hope I didn't misinterpret anything you said, jinmei. If I did, please correct
me.

Thank you for your opinion.

Have a nice day

-- 
Look! Behind you!

Michal 'vorner' Vaner