Subject: Re: Getting rid of /dev/veriexec
To: Jason Thorpe <firstname.lastname@example.org>
From: Elad Efrat <elad@NetBSD.org>
Date: 12/02/2005 17:37:34
Jason Thorpe wrote:
> I don't really like how we overload sysctl in this way. Mach messages
> are a much better way of doing this type of request/response
> operation. But we don't have Mach messaging, so we overloaded sysctl.
Until we have Mach messages we have two options: keep programs that can
read arbitrary kernel memory, or use a temporary solution (that is also
centralized and clean, for when we need to change it).
Even if this is all temporary, I prefer the sysctl route over the
device/kmem route anytime.