At 10:39 AM -0700 7/14/04, Blue Boar wrote: >ljknews wrote: > >> At 11:38 AM -0700 7/13/04, Blue Boar wrote: >> >>>ljknews wrote: >>> >>>>The environment with which I am most familiar is VMS, and tradition >>>>is what guides secure interfaces. Inner mode code _must_ probe any >>>>arguments provided from an outer mode, probe the buffers specified >>>>by descriptors provided, etc. >>> >>>What do you do when you're handed a bad pointer? >> >> Return SS$_ACCVIO. > >So you put in an error handler that catches access ciolation before you try to use >the pointer? OK, fair enough. What if the pointer points to memory you own, but not >the right kind?
The inner mode code probing ensure that the calling mode has the ability to read and/or write the memory (according to the semantics of the particular interface. The inner mode code does not distinguish between stacks and various heaps, just that the memory is readable or writable by the calling process in the mode from which the call is made. > I have always been under the impression that raw pointers could always cause you > problems. I've assumed that a secure language would have to eliminate that as a > type. As have I. -- Larry Kilgallen