Subject: Re: Getting rid of /dev/veriexec
To: Elad Efrat <elad@NetBSD.org>
From: Nathan J. Williams <email@example.com>
Date: 12/02/2005 08:50:13
Elad Efrat <elad@NetBSD.org> writes:
> YAMAMOTO Takashi wrote:
> > why?
> Loading fingerprints to Veriexec is a two-phase process: first you
> create a hash table with N entries, then you load file-by-file from
> I think that doing this is cleaner by using sysctl(), much like
> how we use sysctl() for the network PCBs, for example.
Let's see. You want to read and write control and bulk data, from a
special-to-the-kernel node in a hierarchical namespace. This totally
smells like reinventing /dev.
> First we sysctl() to create a table, then we sysctl() to add a file
> to the table; we can also sysctl() to remove a file from a table. It's
> simply, to me, a cleaner and more logical interface to this kernel
This "cleaner" is clearly a matter of taste.
> 2. If, some day, Veriexec would have the feature of returning the hash
> for a given file (or any other configuration inspection) it might
> be desired that a process with root privileges in a chroot cage (...)
> could be prevented from accessing that information.
This sounds like an argument for leaving it in the filesystem.