Subject: Re: veriexec: Incorrect access type.
To: None <email@example.com>
From: Elad Efrat <elad@NetBSD.org>
Date: 07/27/2005 19:10:04
The logic is fine, IMHO, preventing access to a file in a way it
was not specified for. This means that if you have an entry for
/bin/sh marked DIRECT (or not marked at all, implying DIRECT),
any indirect access to it, via shell script magic, will log a
In strict level 2, or ``IPS mode'', you will also be denied from
Since I do see a problem here (we have a binary that has the
potential of being accessed many times both directly and indirectly)
I suggest changing the logging to only when verbose (or highly
verbose?) mode is set.
PGP Key ID: 0x666EB914