Subject: Re: kauth and access to process credentials
To: Christos Zoulas <>
From: Steven M. Bellovin <>
List: tech-kern
Date: 02/18/2007 15:13:39
On Sun, 18 Feb 2007 19:06:19 +0000 (UTC) (Christos Zoulas) wrote:

> The problem is that once the #defines or inlines exist in a header,
> users of the defines/inlines will include that header to get the
> definitions. At this point both the structure and the defines/inlines
> become visible to the users, and nobody can prevent the users to use
> the field members of the functions directly instead of going through
> the inlines.

"You can't make something foolproof because fools are so smart".  

C isn't an object-oriented language where we can really hide that
stuff.  All we can do is provide the proper interfaces, and shoot down
any patches that Do the Wrong Thing.

> There is an ugly way to prevent this, by using cpp macros to destroy
> the member definitions after the inline function is defined. Eg.
> struct foo {
> 	int foo_id;
> };
> static __inline int
> get_foo_id(const struct foo *p) {
> 	return p->foo_id;
> }
> #define foo_id error
I'm not sure if I should say "cool" or "ouch"!

		--Steve Bellovin,