Re: [PATCH 12/17] Add server.h and server.c

2017-09-01 Thread Jeff Law 
On 07/24/2017 02:05 PM, David Malcolm wrote:
> This patch adds a "server" abstract base class for listening
> on a port, for use by the later patches to implement an LSP server.
> 
> It's largely adapted from examples in glibc's docs.  I suspect that
> I've introduced platform-specific assumptions (and that it may need some
> extra configure tests for the extra functionality), but this part of
> the kit is just a proof-of-concept.
> 
> gcc/ChangeLog:
>   * Makefile.in (OBJS): Add server.o.
>   * server.c: New file.
>   * server.h: New file.
And this is where I start to get scared :-)  Once folks can start
interacting with GCC over a TCP connection we have to start thinking
much harder about the security ramifications of various hunks of code.

If we end up going down this path at some point, I'd really like to look
for ways to leverage existing code that's already being used in the wild
and hopefully has been through real security audits.

Jeff

Re: [PATCH 12/17] Add server.h and server.c

2017-07-26 Thread Mike Stump 
On Jul 26, 2017, at 7:50 AM, David Malcolm  wrote:
> 
> On Wed, 2017-07-26 at 23:35 +0900, Oleg Endo wrote:
>> On Mon, 2017-07-24 at 16:05 -0400, David Malcolm wrote:
>>> 
>>> +
>>> +You should have received a copy of the GNU General Public License
>>> +along with GCC; see the file COPYING3.  If not see
>>> +.  */
>>> +
>>> +#ifndef GCC_SERVER_H
>>> +#define GCC_SERVER_H
>>> +
>>> +/* Wrapper aroung "int" for file descriptors.  */
>>~~~^
>>  around :)
> 
> Thanks; fixed in my working copy.
> 
> Someone pointed out to me privately that instead/as well as serving on
> a port, we could be launched as a subprocess by the IDE, and serve the
> RPC over stdin/stdout; this would be simpler for IDEs to cope with.  I
> may have a look at supporting that for the next version.

The security threat modeling I think is nicer if you read and write 
stdin/stdout.  Once you open a port, you open a security hole.  By not having 
holes by design, we avoid most of this space, which I see as a good thing.



smime.p7s
Description: S/MIME cryptographic signature

Re: [PATCH 12/17] Add server.h and server.c

2017-07-26 Thread David Malcolm 
On Wed, 2017-07-26 at 23:35 +0900, Oleg Endo wrote:
> On Mon, 2017-07-24 at 16:05 -0400, David Malcolm wrote:
> >  
> > +
> > +You should have received a copy of the GNU General Public License
> > +along with GCC; see the file COPYING3.  If not see
> > +.  */
> > +
> > +#ifndef GCC_SERVER_H
> > +#define GCC_SERVER_H
> > +
> > +/* Wrapper aroung "int" for file descriptors.  */
> ~~~^
>   around :)

Thanks; fixed in my working copy.

Someone pointed out to me privately that instead/as well as serving on
a port, we could be launched as a subprocess by the IDE, and serve the
RPC over stdin/stdout; this would be simpler for IDEs to cope with.  I
may have a look at supporting that for the next version.

Dave

Re: [PATCH 12/17] Add server.h and server.c

2017-07-26 Thread Oleg Endo 
On Mon, 2017-07-24 at 16:05 -0400, David Malcolm wrote:
> 
> +
> +You should have received a copy of the GNU General Public License
> +along with GCC; see the file COPYING3.  If not see
> +.  */
> +
> +#ifndef GCC_SERVER_H
> +#define GCC_SERVER_H
> +
> +/* Wrapper aroung "int" for file descriptors.  */
                ~~~^
              around :)