Subject: Re: verified exec per page fingerprints
To: Elad Efrat <elad@NetBSD.org>
From: Eric Haszlakiewicz <erh@jodi.nimenees.com>
List: tech-kern
Date: 11/15/2005 02:43:47

On Mon, Nov 14, 2005 at 09:03:17PM +0200, Elad Efrat wrote:
> Eric Haszlakiewicz wrote:
> 
> > 	I would have thought that something like this would be a mountpoint
> > option instead of a per-file thing.  
> > e.g. in veriexec_verify():
> > 	if (vp->v_mount->mnt_flag & MNT_UNTRUSTED ||
> > 	    do_something_extra_for_unionfs_or_nullfs_or_...)
> > 		vhe->type |= VERIEXEC_UNTRUSTED;
> 
> I don't like the idea of adding a mount flag that is conditional. We can
> achieve the same without doing it, (i.e., storing the flag in the table
> for the mount and not the mount itself) this is really cosmetics...

	I don't understand.  What do you mean by "table for the mount"?

By "conditional" do you mean a mount flag that is different for different
files on a unionfs?  That's not quite what I had in mind.  I was thinking
more along the lines of "do something extra" being:
	ask the filesystem for an underlying vnode.
	if it returns something, check the mnt flag in that mount structure.
i.e. the mount flag stays static with the mount point, but the veriexec
code needs to make sure it checks the right mount structure.

eric
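
The check described in this message, as an added user-space model that is not code from the thread or from NetBSD: it contrasts testing only the top mount with following a layered vnode down and testing each mount structure on the way. `MNT_UNTRUSTED` and `VERIEXEC_UNTRUSTED` are the names proposed in the thread with constructed bit values; the `lower` field, `underlying_vnode()` and the sample mounts are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Flag names follow the thread; the bit values are constructed for this model. */
#define MNT_UNTRUSTED      0x1
#define VERIEXEC_UNTRUSTED 0x1

struct mount { const char *name; int mnt_flag; };

/* Model vnode: 'lower' is non-NULL only on a layered fs (nullfs/unionfs). */
struct vnode { struct mount *v_mount; struct vnode *lower; };

/* Hypothetical helper standing in for "ask the filesystem for an
 * underlying vnode"; returns NULL when there is no lower layer. */
static struct vnode *underlying_vnode(struct vnode *vp) { return vp->lower; }

/* Checks only the mount the file was opened through. */
int type_top_only(struct vnode *vp)
{
    return (vp->v_mount->mnt_flag & MNT_UNTRUSTED) ? VERIEXEC_UNTRUSTED : 0;
}

/* Follows the layers down and checks the static flag on each mount. */
int type_layer_aware(struct vnode *vp)
{
    int type = 0;
    for (; vp != NULL; vp = underlying_vnode(vp))
        if (vp->v_mount->mnt_flag & MNT_UNTRUSTED)
            type |= VERIEXEC_UNTRUSTED;
    return type;
}

/* Constructed sample: a null mount layered over an untrusted mount,
 * plus a plain local mount for comparison. */
static struct mount net_mnt  = { "/net/share", MNT_UNTRUSTED };
static struct mount null_mnt = { "/mnt/alias", 0 };
static struct mount root_mnt = { "/", 0 };
static struct vnode lower_vn = { &net_mnt, NULL };
static struct vnode upper_vn = { &null_mnt, &lower_vn };
static struct vnode local_vn = { &root_mnt, NULL };

int main(void)
{
    printf("top-only via %s:    %d\n", null_mnt.name, type_top_only(&upper_vn));
    printf("layer-aware via %s: %d\n", null_mnt.name, type_layer_aware(&upper_vn));
    printf("layer-aware on %s:  %d\n", root_mnt.name, type_layer_aware(&local_vn));
    return 0;
}
```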