Re: Vulnerabilities in Synchronous IPC Designs

[Niels Möller]

Espen Skoglund <address@hidden> writes:

> It is trivial to add a check in the IDL compiler (and generated code)
> for the length of a variable length buffer.  If the variable length
> buffer fits within 256 bytes (or 512 bytes on 64-bit architectures),
> the content can be transferred using message registers.  If this is
> your only concern, then you shouldn't worry.  (I was actually sort of
> suprised to learn that IDL4 didn't support this in the current
> implementation.)

Is there any documentation, besides the IDL4 source code, which
specifies how an rpc (as described by the idl input) is mapped to L4
ipc operations? I would really like to see a specification for that,
which should ideally make it straight forward to hand code a server
that communicates with a client that uses idl4-generated stubs, or
vice versa, and to write idl input that matches the kernel and sigma0
protocols.

To me, such a specification is more important than the implementation
of it. Undocumented black-box protocols don't give me that warn and
fuzzy feeling...

Regards,
/Niels