Subject: Re: verified exec per page fingerprints
To: Eric Haszlakiewicz <email@example.com>
From: Elad Efrat <elad@NetBSD.org>
Date: 11/14/2005 21:03:17
Eric Haszlakiewicz wrote:
> I would have thought that something like this would be a mountpoint
> option instead of a per-file thing.
> e.g. in veriexec_verify():
> if (vp->v_mount->mnt_flag & MNT_UNTRUSTED ||
> vhe->type |= VERIEXEC_UNTRUSTED;
I don't like the idea of adding a mount flag that is conditional. We can
achieve the same without doing it, (i.e., storing the flag in the table
for the mount and not the mount itself) this is really cosmetics...