[apparmor] [PATCH 14/27] apparmor: reserve and mask off the top 8 bits of the base field
Kees Cook
kees at ubuntu.com
Wed Nov 21 16:36:29 UTC 2012
On Tue, Nov 20, 2012 at 08:39:54PM -0800, John Johansen wrote:
> The top 8 bits of the base field have never been used, in fact can't
> be used, by the current 'dfa16' format. However they will be used in the
> future as flags, so mask them off when using base as an index value.
>
> Note: the use of the top 8 bits, without masking is trapped by the verify
> checks that base entries are within the size bounds.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Kees Cook <kees at ubuntu.com>
--
Kees Cook
More information about the AppArmor
mailing list