Re: Interface for the new fallocate() system call
From: Linus Torvalds
Date: Thu Mar 29 2007 - 14:41:19 EST
On Thu, 29 Mar 2007, Jan Engelhardt wrote:
>
> I have to disagree, since wrapping it into a struct and copying the struct
> in kernelspace from userspace requires more code.
Not just more code, but more security issues too.
Passing system call arguments by value means that there are no subtle
security issues - the value you use is the value you got. But once you
pass-by-reference, you have to make damn sure that you do the proper user
space accesses and verify the pointer correctly.
User-space (aka "user-supplied") pointers are just more dangerous. We
obviously can't avoid them, but they need much more care than just a
random value directly passed in a register.
Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/