Subject: Re: veriexec: Incorrect access type.
To: None <>
From: Elad Efrat <>
List: current-users
Date: 07/27/2005 19:10:04

The logic is fine, IMHO, preventing access to a file in a way it
was not specified for. This means that if you have an entry for
/bin/sh marked DIRECT (or not marked at all, implying DIRECT),
any indirect access to it, via shell script magic, will log a

In strict level 2, or ``IPS mode'', you will also be denied from
accessing it.

Since I do see a problem here (we have a binary that has the
potential of being accessed many times both directly and indirectly)
I suggest changing the logging to only when verbose (or highly
verbose?) mode is set.


Elad Efrat
PGP Key ID: 0x666EB914