On Wed, 11 Aug 2010 10:39:50 -0400, Watkins, Douglas <[email protected]> wrote:
>When creating new routines, I prefer they be created in an "API-style,"
>using macros for generating the parameter list and invoking the routine
>as well as mapping the list of pointers and the fields to which they
>point. This gives the called routine a relatively high degree of
>confidence that the construction of the parameter list is valid.

While I may agree with providing that method of constructing the parameters and invoking the module, I would say that from a system integrity point of view the called module still must verify everything. In the general case it can not assume that the caller used the method you provided.

In other words, you might have a "relatively high degree of confidence" that the parameter list is valid if you can guarantee that you wrote all the code in the callers, too. But if you can't guarantee that, you have a false sense of confidence that might well lead you to having an integrity exposure.

-- 
Walt Farrell
IBM STSM, z/OS Security Design
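
The point of the reply above, shown in C as an added example (not code from the thread): a macro builds the parameter list for cooperative callers, and the called routine still checks every field itself, so a list filled in by hand is rejected rather than trusted. The names `struct plist`, `PL_BUILD` and `svc_copy_name`, the eyecatcher value and the sample string are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define PL_MAGIC   0x504C5354u  /* constructed eyecatcher, ASCII "PLST" */
#define PL_VERSION 1u
#define PL_MAX_LEN 256u
enum { PL_OK = 0, PL_EBADLIST = -1, PL_EBADARG = -2 };
/* Hypothetical parameter list; all names are illustrative. */
struct plist {
    uint32_t magic; uint16_t version; uint16_t count;
    const char *name; size_t name_len;   /* input field */
    char *out;        size_t out_len;    /* output field */
};
/* "API-style" macro: builds a well-formed list for cooperative callers. */
#define PL_BUILD(pl, n, nl, o, ol) \
    ((pl) = (struct plist){ PL_MAGIC, PL_VERSION, 2, (n), (nl), (o), (ol) })

/* Called routine: re-checks every field, never assumes PL_BUILD was used. */
int svc_copy_name(const struct plist *pl)
{
    if (pl == NULL) return PL_EBADLIST;
    if (pl->magic != PL_MAGIC || pl->version != PL_VERSION || pl->count != 2)
        return PL_EBADLIST;
    if (pl->name == NULL || pl->out == NULL) return PL_EBADARG;
    if (pl->name_len == 0 || pl->name_len > PL_MAX_LEN) return PL_EBADARG;
    if (pl->out_len <= pl->name_len) return PL_EBADARG;  /* need room for NUL */
    memcpy(pl->out, pl->name, pl->name_len);
    pl->out[pl->name_len] = '\0';
    return PL_OK;
}

/* Caller that uses the macro: the list is accepted. */
int demo_macro_built(void)
{
    char out[16];
    struct plist pl;
    PL_BUILD(pl, "PAYROLL", 7, out, sizeof out);
    int rc = svc_copy_name(&pl);
    return rc != PL_OK ? rc : (strcmp(out, "PAYROLL") == 0 ? PL_OK : -99);
}

/* Caller that fills the list by hand, bypassing the macro: rejected. */
int demo_hand_built(int with_header)
{
    char out[4];  /* too small for the 7-byte name */
    struct plist pl = { .name = "PAYROLL", .name_len = 7, .out = out, .out_len = sizeof out };
    if (with_header) { pl.magic = PL_MAGIC; pl.version = PL_VERSION; pl.count = 2; }
    return svc_copy_name(&pl);
}
```

The callee can only reject what it can observe: a caller that lies about `out_len` is not caught by these checks, which is why the macro alone gives no guarantee either.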
