On Sep 19, 2007, at 08:15:53, Tetsuo Handa wrote:
> Kyle Moffett wrote:
>> Look at it this way: What format do you use for your in-memory
>> datastructures? If that format is not extremely close to the
>> policy file format (with pointers replaced by 8-byte offsets),
>> then you are using the wrong binary format. The more
>> manipulations you have to do to a complicated data-structure the
>> more likely you are to have a buffer-overflow or parsing bug.
>
> Before I answer, I would like to confirm one thing.
> Are you thinking that TOMOYO Linux kernel copies and keeps the
> contents of policy file represented in text format? Are you
> thinking that TOMOYO Linux kernel parses the contents of policy
> file represented in text format whenever permission checking occurs?
> If so, it's my lack of explanation.
>
> The text format representation of policy is used for communicating
> between kernel and userland.

And this is the "wrong" user<=>kernel format, because this is not
what the kernel directly uses.

> The binary format representation (e.g. adding length header for
> string data) of policy is used inside kernel space.

This would be the "right" user<=>kernel format, (modulo using
offset-from-start-of-policy instead of pointers). Then the "validation"
part basically consists of walking the *same* data-structures that
you are going to be using later, checking the length bytes, and
converting all of the "offset" values into "pointer" values.

Cheers,
Kyle Moffett
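
The validation step described in the message above (walk the same structures, check the length fields, convert offsets to pointers), as an added example that is not part of the original message and is not TOMOYO code. The record layout, `policy_fixup` and the sample blob are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not TOMOYO's): header, `count` entries, then string bytes. */
struct pol_hdr { uint64_t count; };
struct pol_entry {
    union { uint64_t off; const char *ptr; } str; /* offset on input, pointer after fixup */
    uint64_t len;                                 /* length header for the string */
};

/* Returns 0 and rewrites offsets to pointers in place; -1 if malformed (blob: 8-byte aligned). */
int policy_fixup(void *blob, size_t size)
{
    struct pol_hdr *h = blob;
    struct pol_entry *e;
    uint64_t i, table_end;

    /* count is untrusted: bound it by division so the multiply below cannot wrap */
    if (size < sizeof(*h) || h->count > (size - sizeof(*h)) / sizeof(*e))
        return -1;
    e = (struct pol_entry *)(h + 1);
    table_end = sizeof(*h) + h->count * sizeof(*e);

    /* Pass 1: validate only, so a rejected blob is left unmodified */
    for (i = 0; i < h->count; i++) {
        uint64_t off = e[i].str.off, len = e[i].len;
        /* offset must land in the string area; len test is the wrap-safe off + len <= size */
        if (off < table_end || off > size || len > size - off)
            return -1;
    }
    /* Pass 2: convert offsets to pointers */
    for (i = 0; i < h->count; i++)
        e[i].str.ptr = (const char *)blob + e[i].str.off;
    return 0;
}

/* Constructed sample blob: two strings at offsets 40 and 48. */
struct sample { struct pol_hdr h; struct pol_entry e[2]; char s[16]; };
struct sample make_sample(void)
{
    struct sample b = { {2}, { {{40}, 8}, {{48}, 4} }, "/bin/cat/etc" };
    return b;
}

int main(void)
{
    struct sample b = make_sample();
    if (policy_fixup(&b, sizeof b) != 0) return 1;
    printf("%.*s %.*s\n", (int)b.e[0].len, b.e[0].str.ptr, (int)b.e[1].len, b.e[1].str.ptr);
    return 0;
}
```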