Subject: Re: poolifying fileassoc
To: Chuck Silvers <>
From: Thor Lancelot Simon <>
List: tech-kern
Date: 10/05/2006 08:34:05
On Thu, Oct 05, 2006 at 05:30:05AM -0700, Chuck Silvers wrote:
> like I explained in earlier mail, page-checking stuff shouldn't be called
> from getpages but rather from the aiodone code.  not only does that avoid
> any problems like this but it also makes it easier to check pages only when
> they're brought into memory the first time and not on later page-faults.

But veriexec _must_ check them on later page faults, or an adversary can
switch them out from underneath it and it becomes worthless (consider an
executable backed by NFS storage.  The per-page code in veriexec is
explicitly intended to address this failure with other executable
verification systems).

  Thor Lancelot Simon	                           

  "We cannot usually in social life pursue a single value or a single moral
   aim, untroubled by the need to compromise with others."      - H.L.A. Hart