Subject: Re: veriexec by default (Re: CVS commit: src/sys/arch)
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Arnaud Lacombe <lacombar@gmail.com>
List: tech-kern
Date: 10/27/2006 06:37:10
On Fri, Oct 27, 2006 at 12:21:50PM +0900, YAMAMOTO Takashi wrote:
> > Oh, yes, no argue about that. I think that the cost of it is relatively
> > small. Anyway, I thought that, like myself, nobody else found it too
> > expensive. But, see below:
>
> my concern is not only about its runtime costs.
> i concern its code quality as well.
> for example, when veriexec is compiled in,
> vn_open uses MAXPATHLEN-sized buffer on kernel stack.
>
> YAMAMOTO Takashi
is there any reason to duplicate ndp->ni_dirp ? pathbuf is only used
when calling veriexec_verify(), which use it only when calling
veriexec_report().
regards,
- Arnaud