Subject: Re: recent change to kern_exec.c for #! interpreters
To: Hubert Feyrer <>
From: Elad Efrat <>
List: tech-kern
Date: 08/08/2005 07:12:36
On Sun, 7 Aug 2005, Erik E. Fair wrote:

>> So ... if I were running with acct(2) on, what will I see in the 
>> ac_comm[] field of the structure that is written to the accounting 
>> file? sh? or the name of the script?

The change only comes in effect if Veriexec is enabled. The "logged"
refers to the logs Veriexec produces.

Hubert Feyrer wrote:

> Also, what if you want to verify(exev) several different scripts?

That's the change in question. It simply makes sure that you don't
get false logs saying "matching fingerprint for". You will get
a "matching fingerprint for /bin/sh", and "no entry for" if
there isn't one, or "matching fingerprint for" if there is.


Elad Efrat
PGP Key ID: 0x666EB914