Disabling XACE Extension (and other code build) by default
Eamon Walsh
ewalsh at tycho.nsa.gov
Mon Jul 12 10:04:11 PDT 2010
On 07/05/2010 09:21 AM, Vignatti Tiago (Nokia-MS/Helsinki) wrote:
> On Sat, Jul 03, 2010 at 10:25:34PM +0200, ext Eamon Walsh wrote:
>
>> On 06/21/2010 09:52 AM, Tiago Vignatti wrote:
>>
>>> Last I remember, we want all possible build options set as on by default just
>>> to be sure the code they enable still being able to build after general
>>> changes. Is that correct?
>>>
>>> ---
>>>
>>> Apart from that, is there a reason to have XACE enabled by default without any
>>> hook backend? This is how the server is being compiled now by default.
>>>
>> As long as the in-tree security extensions are disabled by default I
>> think it should be OK to disable XACE by default as well.
>>
> Thanks for the answer, Eamon.
>
> So I disabled XACE here in my machine and now my static analyzer is accusing
> ~100 pieces of deadcode. That's because we have XaceHook everywhere and, when
> disabling the extension, this function will always return Success which makes
> the subsequent "if (rc != Success)" useless.
>
> I took a look on the code and couldn't find a way to put this conditional
> inside the XaceHook, when the extension is being used. Do you think there's an
> easy way to do so? Do we really need to always check for value or this is just
> a safety check? Or do you have an better idea?
>
>
> Thank you,
> Tiago
>
>
When XACE is disabled, XaceHook turns into a macro for Success, not a
function call that returns Success. The compiler should optimize out
all the dead code. This seems like a pretty common idiom to me. I
don't think the static analyzer should warn on stuff like this.
--
Eamon Walsh
National Security Agency
More information about the xorg-devel
mailing list