Subject: Re: veriexec by default (Re: CVS commit: src/sys/arch)
To: Arnaud Lacombe <>
From: Elad Efrat <>
List: tech-kern
Date: 10/27/2006 13:33:15
Arnaud Lacombe wrote:
> On Fri, Oct 27, 2006 at 12:21:50PM +0900, YAMAMOTO Takashi wrote:
>> my concern is not only about its runtime costs.
>> i concern its code quality as well.
>> for example, when veriexec is compiled in,
>> vn_open uses MAXPATHLEN-sized buffer on kernel stack.

just like lots of other code... but okay, this can be fixed.

> is there any reason to duplicate ndp->ni_dirp ? pathbuf is only used
> when calling veriexec_verify(), which use it only when calling
> veriexec_report().

I guess you could check if it's in userspace and only then copy it...


Elad Efrat