From: Duncan Sands
Newsgroups: comp.lang.ada
Subject: Re: C's trikery semantic opens up backdoor in new Linux kernel
Date: Wed, 12 Nov 2003 14:38:06 +0100

> >IMHO the real problem is that
>
> the syntax of C allows such things. Simple as that, it doesn't matter
> if you even can set strict coding standards to make such things hardly
> possible.
>
> >uid is not an opaque type and can
> >be changed with a simple assignment. Much better if that required
> >a function call.
>
> You can almost always find a workaround. The problem is to use it
> every time and force people to use it.

I was under the impression that (using preprocessor trickery) it was
possible to get the equivalent of an Ada private type in C. Then
everyone is forced to use function calls to get/set the value, unless
they do type casts etc. In all cases, abuse would stand out more than
it does now.

> For instance considering the simple rule that in a comparison with a
> constant value you should always state the constant first:
>
> |if ((__WCLONE|__WALL) == options) && (0 = current->uid))
>
> wouldn't compile, either.

No, but do you really think such a style could be enforced in the
Linux kernel community? Think of "herding cats".

Duncan.
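
The two defences discussed in this message, as an added example that is not part of the original thread or of any kernel source: a uid wrapped in a struct so that it can only be read or changed through accessor functions, next to the constant-first comparison. The struct wrapper is one assumed way to get a private-type effect in C (not necessarily the preprocessor trick meant above), and every name and flag value here (`uid_box_t`, `uid_get`, `uid_set`, `check_options`, `OPT_WCLONE`, `OPT_WALL`) is hypothetical.

```c
#include <stdio.h>

/* Hypothetical names and constructed flag values; not kernel code. */
#define OPT_WCLONE 0x80000000u
#define OPT_WALL   0x40000000u

/* Wrapping the integer in a struct makes the type non-scalar: it cannot
 * be assigned from, compared with, or tested as a plain integer. */
typedef struct { unsigned int raw_; } uid_box_t;

struct task { uid_box_t uid; };

static unsigned long uid_writes;   /* every change passes one choke point */

/* The only sanctioned ways to read or change the value. */
static unsigned int uid_get(const struct task *t) { return t->uid.raw_; }

static void uid_set(struct task *t, unsigned int new_uid)
{
    uid_writes++;                  /* a place to hang checks or auditing */
    t->uid.raw_ = new_uid;
}

/* The comparison from the thread, written against the wrapped type. */
static int check_options(const struct task *t, unsigned int options)
{
    /* Neither slip compiles here:
     *   (t->uid = 0)  -> an int cannot be assigned to uid_box_t
     *   (0 = t->uid)  -> 0 is not an lvalue
     * Bypassing the accessors means spelling out t->uid.raw_, which is
     * easy to grep for in review. */
    if ((options == (OPT_WCLONE | OPT_WALL)) && (uid_get(t) == 0))
        return 1;
    return 0;
}

int main(void)
{
    struct task t = { { 1000 } };
    int before = check_options(&t, OPT_WCLONE | OPT_WALL);
    uid_set(&t, 0);                /* an explicit, visible change */
    printf("before=%d after=%d writes=%lu\n", before,
           check_options(&t, OPT_WCLONE | OPT_WALL), uid_writes);
    return 0;
}
```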