On Sat, Oct 09, 2010 at 04:39:59PM +0200, Julia Lawall wrote:
> The problem is that you are not doing anything to force it to be
> considering the same copy_from_user in each rule. So your "depends on
> ..." in the last rules just considers whether these rules have ever
> applied. To be sure to be talking about the same copy_from_user in each
> case, use a position variable. Then the depend on will be evaluated
> specific to that position.

Ah-ha! I had dropped that when I moved to a single rule, but then had to
re-expand. I couldn't figure out how to add position because I thought I'd
just end up with circular deps, but suddenly realized I can just repeat the
last match at the start, but without "*" in the first column. Excellent!

> You might find the -debug option useful for finding these kinds of
> problems.

Thanks!

-Kees

-- 
Kees Cook
Ubuntu Security Team
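
Added example, not part of the original thread and not the rules being discussed (those are not shown in this message): a Coccinelle semantic patch that uses a position variable so that every rule refers to the same copy_from_user call. The rule names, the metavariable names and the `len > limit` check pattern are assumptions, and the last rule uses a position inequality constraint rather than "depends on".

```cocci
// Rule 1: bind the position of each copy_from_user call site.
@cfu@
position p;
expression dst, src, len;
@@
copy_from_user@p(dst, src, len)

// Rule 2: inherit p from rule 1, so this rule is evaluated once per
// call site. It matches only when that particular call is reached
// after a comparison of the same length expression against a limit.
// The call is repeated here as plain context (no "*" in column one),
// purely to attach the position to it.
@checked exists@
position cfu.p;
expression dst, src, len, limit;
statement S;
@@
if (len > limit) S
...
copy_from_user@p(dst, src, len)

// Rule 3: flag the call sites whose position was never bound by
// "checked". Without the position, this rule could only ask whether
// "checked" had matched anywhere at all, not whether it matched
// this call.
@unchecked@
position p != checked.p;
expression dst, src, len;
@@
* copy_from_user@p(dst, src, len)
```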
