On Thu, 25 Oct 2001, Chris Wright wrote:

> hmmm...i was thinking in terms of something more automated.  not sure of
> the pitfalls here, but assuming everyone makes their structs static so
> the empty holes are zero filled...
>
> #define VERIFY_STRUCT(type, s) \
> do { \
>         unsigned int size = sizeof(type); \
>         unsigned long start = (unsigned long)s; \
>         unsigned long end = (unsigned long)s + size; \
>         while (start != end) { \
>                 if (!*(long*)start) { \
>                         printk("error!\n"); \
>                         break; \
>                 } \
>                 start += sizeof(void *); \
>         } \
> } while (0)
>
>
> whaddya think?

I considered something like this, but was uneasy about treating the
structure as an array of pointers.  If the above approach works reliably,
then it is certainly easier to maintain.  However, I'm not sure about its
reliability, and it also doesn't give any useful feedback about where a
hook might be missing.  Who wrote the original verify() function and why
didn't they use this approach from the beginning?

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private
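The two ways of checking a hook table weighed in this message, side by side, as an added user-space example that is not part of the original post or of the LSM code. struct demo_ops, its hook names, and the stub handlers are hypothetical; the sketch assumes every member is a function pointer of the same size with no padding.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical hook table standing in for a real ops structure. */
struct demo_ops {
    int (*file_open)(const char *path);
    int (*file_read)(int fd);
    int (*task_kill)(int pid);
};
typedef void (*generic_fn)(void);

/* Nonzero if the pointer-sized slot at byte offset off is NULL. */
static int slot_is_null(const struct demo_ops *ops, size_t off)
{
    generic_fn fn;
    memcpy(&fn, (const unsigned char *)ops + off, sizeof(fn));
    return fn == NULL;
}

/* Approach 1: blind scan over pointer-sized slots. It can count the
 * empty slots but cannot say which hook each one is. */
static int count_null_slots(const struct demo_ops *ops)
{
    int missing = 0;
    for (size_t off = 0; off < sizeof(*ops); off += sizeof(generic_fn))
        missing += slot_is_null(ops, off);
    return missing;
}

/* Approach 2: one table entry per hook, so the check can name the gap. */
struct hook_desc { const char *name; size_t offset; };
#define HOOK(f) { #f, offsetof(struct demo_ops, f) }
static const struct hook_desc demo_hooks[] = {
    HOOK(file_open), HOOK(file_read), HOOK(task_kill) };
#define N_HOOKS (sizeof(demo_hooks) / sizeof(demo_hooks[0]))
/* Build fails if a hook is added to the struct but not to the table. */
_Static_assert(sizeof(struct demo_ops) == N_HOOKS * sizeof(generic_fn),
               "demo_hooks out of sync with struct demo_ops");

static const char *first_missing_hook(const struct demo_ops *ops)
{
    for (size_t i = 0; i < N_HOOKS; i++)
        if (slot_is_null(ops, demo_hooks[i].offset))
            return demo_hooks[i].name;
    return NULL;
}

/* Constructed sample: static storage zero-fills the unset file_read. */
static int ok_open(const char *p) { (void)p; return 0; }
static int ok_kill(int pid) { (void)pid; return 0; }
static struct demo_ops partial_ops = { .file_open = ok_open, .task_kill = ok_kill };
```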
This archive was generated by hypermail 2b30 : Thu Oct 25 2001 - 14:27:38 PDT