Subject: Re: Getting rid of /dev/veriexec
To: Jason Thorpe <>
From: Elad Efrat <>
List: tech-kern
Date: 12/02/2005 17:37:34
Jason Thorpe wrote:

> I don't really like how we overload sysctl in this way.  Mach  messages
> are a much better way of doing this type of request/response 
> operation.  But we don't have Mach messaging, so we overloaded sysctl.

Until we have Mach messages we have two options: keep programs that can
read arbitrary kernel memory, or use a temporary solution (that is also
centralized and clean, for when we need to change it).

Even if this is all temporary, I prefer the sysctl route over the
device/kmem route anytime.


Elad Efrat