Re: The Demise of Simple Assurance?

From: David Wagner (dawat_private)
Date: Thu Aug 02 2001 - 20:11:43 PDT

  • Next message: Jesse Pollard: "Re: The Demise of Simple Assurance?"

    Seth Arnold  wrote:
    >On Thu, Aug 02, 2001 at 05:18:05PM +0000, David Wagner wrote:
    >> Do you have any proof of this?  I'm skeptical that the difference is
    >> noticeable under common usage, but without measurements, I don't know
    >> how to evaluate this claim either way.
    >
    >[...] in many cases the 'return (0)' will be faster. (And
    >perhaps the first case is overly complicated .. but no matter how well
    >it is optimized, in most cases it will likely take at least one CPU
    >cycle more than the second case.)
    
    Was this meant seriously?  Sure, you can shave off a cycle here and
    there, but I'm asking about noticeable performance improvement under
    typical usage scenarios.  I see no reason to make sweeping changes to the
    architecture that introduce a large risk of our patches being rejected
    and that make it likely we'll introduce a few security bugs along the
    way, if all we gain by doing so is optimizing away a few cycles, on the
    conjecture that maybe this would make some embedded folks happy.
    
    I'm convinced this can't be the argument you had in mind for moving
    all existing kernel checks to a module.  I must be missing something.
    I hope you'll show me where I went wrong.
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 20:20:31 PDT