dawat_private (David Wagner): > >On 1 Jun 2001, David Wagner wrote: > >> Elegant? Not from a software engineering point of view. > >> Almost every module will have a cut-and-pasted copy of the base > >> logic. Software engineering teaches us that code duplication is > >> bad: If you ever want to change that code, making the appropriate > >> change in all necessary places is difficult. > > > >I know I'm going to get into trouble here, but ... doesn't that presume > >that all the changes are going to be the same? > > Two reasons why code duplication is risky: > - If there's a bug in the base logic, you'll want to change > everyone's copy of it, but that's hard. > - If everyone has to cut-and-paste the code, inevitably someone > will cut-and-paste incorrectly, and that's hard to detect. > These are some of the usual arguments for reuse of shared code, > the value of inheritance in object-oriented languages, and so on. Hey now, it's CUT and paste, not COPY and paste. Cut implies that the code is being removed from its' original location. The good part is that all of the security code is isolated to a central location where it can be examined as a unit instead of scattered over the kernel. Yes, the hook locations have to be validated, but that is a separate issue from correctness of implementation of the security function. ------------------------------------------------------------------------- Jesse I Pollard, II Email: pollardat_private Any opinions expressed are solely my own. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jun 01 2001 - 12:09:43 PDT