On Tue, Aug 05, 2014 at 07:43:26AM -0400, Jan Harkes wrote:
> On Tue, Aug 05, 2014 at 01:20:45PM +0200, u-codalist-z149_at_aetey.se wrote:
> > My impression is that the RealmId item (being passed around as a reference
> > to a realm and also for building inode numbers in dir_DirEntry2VDirent()
> > in coda-src/dir/dirbody.c) could be replaced by a direct use of the
> > pointer to the realm object.

> NO. Do NOT do that. For one you are giving potential (local) attackers
> very useful information where datastructures are located in the Venus
> process.

I guess you mean cfs which exposes the Coda fids?

Oh yes, now I see, it is there the realm reference data is being used
outside Venus, this is what I was missing.

Attackers or not, I agree that references to internal data should not
be passed through an external context even if this data is "opaque"
(not to be interpreted) there.

Thanks for helping me realize that RealmId belongs to a wider
context than I for the moment perceived. Good!

Regards,
Rune