Subject: Re: Veriexec: Incorrect access type
To: John R. Shannon <john@johnrshannon.com>
From: Brett Lymn <blymn@baesystems.com.au>
List: current-users
Date: 04/04/2007 20:35:38

On Tue, Apr 03, 2007 at 09:50:36AM -0600, John R. Shannon wrote:
> Further investigation shows that I can execute the command, /bin/cat, without 
> the message. The veriexec message is getting logged when mtree is run on 
> the /bin directory as part of the daily security checks.
> 

You don't mention which version of NetBSD but I am guessing either
-current or 4.0.  This is correct behaviour for veriexec; by default
everything is marked as a DIRECT executable unless flagged otherwise.
So, opening the file for read will be flagged as an inappropriate
access for the file.  You can either live with the warnings or add the
flags "DIRECT,FILE" to the entries that are being flagged - this will
make the notifications go away but it means that if someone tries to
open the file for read when they should not be then you will not be
notified.

-- 
Brett Lymn
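
Added example, not part of the original message and not NetBSD's own tooling: shell functions that add the FILE flag to signature entries under one directory and then list every entry for which read opens will no longer be reported. It assumes whitespace-separated entries of the form path, algorithm, fingerprint, optional comma-separated flags, with no spaces in paths; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample entries (shortened, fake fingerprints).
# Assumed layout: path algorithm fingerprint [flags]
sample_signatures() {
    cat <<'EOF'
# constructed sample signatures
/bin/cat SHA256 1111111111111111
/bin/ls SHA256 2222222222222222 DIRECT
/bin/sh SHA256 3333333333333333 DIRECT,FILE
/usr/bin/awk SHA256 4444444444444444 INDIRECT
EOF
}

# add_file_flag PREFIX: read entries on stdin, write them to stdout.
# Entries whose path starts with PREFIX get FILE appended to their flags.
# An entry without a flags field is treated as DIRECT, the default.
add_file_flag() {
    awk -v prefix="$1" '
    /^[ \t]*#/ || NF == 0 { print; next }      # keep comments and blank lines
    index($1, prefix) != 1 { print; next }     # path outside PREFIX: unchanged
    {
        flags = (NF >= 4) ? $4 : "DIRECT"
        n = split(flags, f, ",")
        has = 0
        for (i = 1; i <= n; i++)
            if (toupper(f[i]) == "FILE") has = 1
        if (!has) flags = flags ",FILE"
        printf "%s %s %s %s\n", $1, $2, $3, flags
    }'
}

# list_file_flagged: print the paths that carry FILE, i.e. the files for
# which a plain read open no longer produces a veriexec notification.
list_file_flagged() {
    awk '!/^[ \t]*#/ && NF >= 4 && toupper($4) ~ /(^|,)FILE(,|$)/ { print $1 }'
}

# Demo: flag everything under /bin/ (what the daily mtree run reads),
# then show which entries have given up read notifications.
sample_signatures | add_file_flag /bin/ | list_file_flagged
```

Keeping the output of `list_file_flagged` under review makes the trade-off explicit: every path it prints is one where an unexpected read will pass silently.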