watch structure

Stephen Smalley sds at tycho.nsa.gov
Tue Apr 5 15:13:30 UTC 2005


On Tue, 2005-04-05 at 11:10 -0400, Steve Grubb wrote:
> On Tuesday 05 April 2005 11:00, Casey Schaufler wrote:
> > But you don't know how much to copy.
> 
> Sure you do. The lengths are in 2 other fields of the same structure. When 
> using this scheme, you have to verify the length of the netlink packet meshes 
> with the lengths provided or reject it. This technique does increase the 
> amount of checking before using the data.

Shrug.  In any event, this is not a performance-critical path, right?
So it doesn't really matter either way, as long as the kernel internal
representation of watches (not necessarily the same as the kernel-
userspace interface) is memory efficient.

Question:  Would it be sane for Tim to go ahead and re-base his patch to
the latest -mm and submit his RFC on linux-fsdevel now even before
resolving the userspace interface issue?  Or do we need to get the
userspace interface finalized first?
 
-- 
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
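
The length check described in the quoted text above, as an added example that is not part of the original message or of the audit patch under discussion. The `watch_req` layout, its field names, the size limits and the rejection of an empty path are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire layout (NOT the audit patch's real structure):
 * a fixed header carrying two length fields, followed by
 * path_len bytes of path and then key_len bytes of filter key. */
struct watch_req {
    uint32_t path_len;
    uint32_t key_len;
};

#define WATCH_PATH_MAX 4096u   /* assumed upper bound */
#define WATCH_KEY_MAX   128u   /* assumed upper bound */

/* Validate a received payload of `len` bytes before any data is copied.
 * Returns 0 and sets *path / *key (pointers into buf, not NUL-terminated)
 * on success; returns -1 if the payload must be rejected. */
int watch_req_validate(const void *buf, size_t len,
                       const char **path, const char **key,
                       struct watch_req *hdr)
{
    if (buf == NULL || len < sizeof(*hdr))
        return -1;                       /* too short to hold the header */

    /* Copy the header out once: later checks and uses see the same
     * values, and the caller's buffer need not be aligned. */
    memcpy(hdr, buf, sizeof(*hdr));

    /* Bound each field first so the sum below cannot wrap on any ABI.
     * Rejecting an empty path is an assumed policy choice. */
    if (hdr->path_len == 0 || hdr->path_len > WATCH_PATH_MAX)
        return -1;
    if (hdr->key_len > WATCH_KEY_MAX)
        return -1;

    /* The declared lengths must account for the payload exactly:
     * a short packet would be over-read, a long one carries unparsed bytes. */
    if (len - sizeof(*hdr) != (size_t)hdr->path_len + hdr->key_len)
        return -1;

    *path = (const char *)buf + sizeof(*hdr);
    *key  = *path + hdr->path_len;
    return 0;
}
```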



