From: Terry Lambert
Message-Id: <200012130925.CAA27496@usr08.primenet.com>
Subject: Re: Safe string formatting in the kernel
To: phk@critter.freebsd.dk (Poul-Henning Kamp)
Date: Wed, 13 Dec 2000 09:25:51 +0000 (GMT)
Cc: tlambert@primenet.com (Terry Lambert), kris@citusc.usc.edu, des@ofug.org (Dag-Erling Smorgrav), arch@FreeBSD.ORG
In-Reply-To: <88311.976699218@critter> from "Poul-Henning Kamp" at Dec 13, 2000 10:20:18 AM

> >> I don't necessarily see that as a bad thing :-)
> >>
> >> The main trouble is bad syscall API design: All strings should be
> >> passed by pointer+length, rather than asciiz semantics.
> >
> >DEFINITELY.
> >
> >This would let you do the allocation based on peeking at the
> >size prior to copying the whole string in.  Count prefix strings
> >are one thing the C language has been missing for years.
>
> ...unfortunately, just like many other good things, we can't
> easily change the API of things like open(2)...

Why not?

The open(2) call is a library stub anyway; I'm strongly of the
opinion that POSIX semantics are a near useless subset of the
desirable semantics, and map a tiny amount of the problem space.
They probably deserve to be in libc, rather than fossilized into
the system call interface.

For example, the idea of a synchronous system call is really an
asynchronous call plus an aiowait on the call status structure...
it would sure make it a hell of a lot easier to implement a
threads library.

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
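
An added example, not part of the message above and not FreeBSD code: a user-space C sketch of the pointer+length argument in the quoted text, showing an asciiz copy-in that must reserve the worst case beside a counted copy-in that checks the claimed length first and allocates exactly. The names `struct ustr`, `copy_in_asciiz`, `copy_in_counted` and the `PATH_LIMIT` cap are assumptions made for illustration; a real kernel would also have to fault-check the user pointer.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_LIMIT 1024 /* assumed cap for this sketch */

/* Hypothetical pointer+length argument; both fields are caller-controlled. */
struct ustr { const char *ptr; size_t len; };

/* asciiz: length unknown until NUL is found, so reserve the worst case
 * and scan byte by byte. Returns 0 or an errno value. */
int copy_in_asciiz(const char *src, char **out, size_t *reserved)
{
    char *buf = malloc(PATH_LIMIT);
    if (buf == NULL) return ENOMEM;
    for (size_t i = 0; i < PATH_LIMIT; i++) {
        buf[i] = src[i];
        if (src[i] == '\0') { *out = buf; *reserved = PATH_LIMIT; return 0; }
    }
    free(buf);               /* no terminator within the cap */
    return ENAMETOOLONG;
}

/* counted: check the claimed length first, then allocate exactly and copy once. */
int copy_in_counted(const struct ustr *u, char **out, size_t *reserved)
{
    if (u->len >= PATH_LIMIT) return ENAMETOOLONG;   /* rejected before any allocation */
    if (memchr(u->ptr, '\0', u->len)) return EINVAL; /* sketch policy: no embedded NUL */
    char *buf = malloc(u->len + 1);
    if (buf == NULL) return ENOMEM;
    memcpy(buf, u->ptr, u->len);
    buf[u->len] = '\0';      /* terminate for NUL-expecting internal consumers */
    *out = buf; *reserved = u->len + 1;
    return 0;
}

int main(void)
{
    struct ustr u = { "/etc/passwd", 11 };  /* constructed sample input */
    char *a = NULL, *c = NULL; size_t ra = 0, rc = 0;
    if (copy_in_asciiz(u.ptr, &a, &ra) == 0 && copy_in_counted(&u, &c, &rc) == 0)
        printf("asciiz reserved %zu bytes, counted reserved %zu for \"%s\"\n", ra, rc, c);
    free(a); free(c);
    return 0;
}
```

The embedded-NUL rejection is a policy choice of this sketch: it keeps a counted string from meaning something different once it reaches code that still expects a terminator.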