Re: Fwd: Re: Fw: Audit records for start/stop auditd
On Wed, 2005-04-06 at 10:09 -0400, Steve Grubb wrote:
On Wednesday 06 April 2005 09:57, Stephen Smalley wrote:
> Won't that break the kernel ABI?
I put it at the end so apps that have already been compiled with the old
siginfo_t size won't break. The app is handed a pointer to the structure by
the kernel, so its not like userspace ever allocates the struct, it just
references the contents of it.
I think that the kernel _copies_ the structure to userspace (using a
pointer provided by userspace), so extending it will cause clobbering of
memory for any application that was built with the old structure. See
copy_siginfo_to_user in kernel/signal.c.
--
Stephen Smalley <sds(a)tycho.nsa.gov>
National Security Agency