On Wed, 1 Apr 2009, Rainer Gerhards wrote: >> -----Original Message----- >> From: [email protected] [mailto:rsyslog- >> [email protected]] On Behalf Of Luis Fernando Mu?oz Mej?as >> >> I bet it works. But it's probably too ugly for users. Cleaner ways may >> need deeper changes into rsyslog's API so that the module gets direct >> access to each field. That's probably a lot of work and I can't wait >> for >> that. > > I need to check if there are actually larger changes required. The main > reason for this interface initially was security (do not pass to the module > the full object).
given that rsyslog is multi-threaded, not multi-process, any thread can get at the memory of any other thread. this significantly limits the amount of security that you can get by not passing a direct pointer to the full object. while I am a security person (it's my full time job), I'm not sure that it's worth it to limit the official module interface like this. David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
