Hello.

Kyle Moffett wrote:
> Look at it this way: What format do you use for your in-memory
> data structures? If that format is not extremely close to the policy
> file format (with pointers replaced by 8-byte offsets), then you are
> using the wrong binary format. The more manipulations you have to do
> to a complicated data structure, the more likely you are to have a
> buffer-overflow or parsing bug.

Before I answer, I would like to confirm one thing.

Are you thinking that the TOMOYO Linux kernel copies and keeps
the contents of the policy file represented in text format?
Are you thinking that the TOMOYO Linux kernel parses
the contents of the policy file represented in text format
whenever a permission check occurs?

If so, that is due to my lack of explanation.

The text format representation of the policy is used for communication
between the kernel and userland.
The binary format representation (e.g. adding a length header to string data)
of the policy is used inside kernel space.

Parsing of the text format representation occurs only once,
when a new policy is loaded via the securityfs interface
(to convert the text representation into the in-memory data structure).

Regards.
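To make the split described in this mail concrete, here is an added user-space sketch in C. It is not TOMOYO's own code, and the line syntax ("allow_read <path>", "allow_write <path>"), the MAX_PATH limit and the permission bit values are assumptions made for the illustration. It shows the two halves separately: a bounded parser that runs once at load time and turns a text line into a length-prefixed binary record, and a permission check that only compares lengths and bytes against those records, so no text is parsed on the access path.

```c
/* Added example (not TOMOYO code): parse a text policy line once into a
 * length-prefixed record, then check permissions against the records
 * without touching text again. Syntax and limits are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PATH 256        /* hypothetical capacity of one path record */
#define PERM_READ  1u       /* hypothetical permission bits */
#define PERM_WRITE 2u

/* In-memory ("kernel side") string: length header plus raw bytes,
 * no NUL terminator and no re-scanning at check time. */
struct policy_string {
    uint16_t len;
    char data[MAX_PATH];
};

struct acl_entry {
    unsigned int perm;
    struct policy_string path;
};

/* Load-time parser for one text line. Returns 0 on success, -1 when the
 * keyword is unknown, the path is empty/relative, or it would overflow
 * the fixed record; the bounds check happens before any copy. */
int parse_policy_line(const char *line, struct acl_entry *out)
{
    const char *sp;
    size_t plen;

    if (strncmp(line, "allow_read ", 11) == 0) {
        out->perm = PERM_READ;
        sp = line + 11;
    } else if (strncmp(line, "allow_write ", 12) == 0) {
        out->perm = PERM_WRITE;
        sp = line + 12;
    } else {
        return -1;
    }
    plen = strlen(sp);
    if (plen && sp[plen - 1] == '\n')   /* file-backed input ends in '\n' */
        plen--;
    if (plen == 0 || plen > MAX_PATH || sp[0] != '/')
        return -1;
    out->path.len = (uint16_t)plen;
    memcpy(out->path.data, sp, plen);
    return 0;
}

/* Access-time check: length compare, then memcmp, over binary records only.
 * Returns 1 if some entry grants every bit in 'want', else 0. */
int check_permission(const struct acl_entry *acl, size_t n,
                     const char *path, unsigned int want)
{
    size_t plen = strlen(path);
    for (size_t i = 0; i < n; i++) {
        if ((acl[i].perm & want) != want)
            continue;
        if (acl[i].path.len == plen &&
            memcmp(acl[i].path.data, path, plen) == 0)
            return 1;
    }
    return 0;
}

/* Constructed sample policy (not a real TOMOYO policy); the third line is
 * deliberately malformed to show load-time rejection. */
static struct acl_entry demo_acl[4];
static size_t demo_count;

size_t load_demo_policy(void)
{
    static const char *lines[] = {
        "allow_read /etc/passwd\n",
        "allow_write /var/log/app.log\n",
        "bogus_keyword /tmp/x\n",
    };
    demo_count = 0;
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        if (parse_policy_line(lines[i], &demo_acl[demo_count]) == 0)
            demo_count++;
        else
            fprintf(stderr, "rejected at load time: %s", lines[i]);
    }
    return demo_count;
}

int main(void)
{
    size_t n = load_demo_policy();
    printf("loaded %zu entries\n", n);
    printf("read /etc/passwd:  %d\n",
           check_permission(demo_acl, n, "/etc/passwd", PERM_READ));
    printf("write /etc/passwd: %d\n",
           check_permission(demo_acl, n, "/etc/passwd", PERM_WRITE));
    return 0;
}
```

The point of the length header is visible in check_permission: a mismatch in length rejects an entry before any byte comparison, and no strlen or tokenising runs over policy data on the access path.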