Subject: Re: veriexec by default (Re: CVS commit: src/sys/arch)
To: Arnaud Lacombe <email@example.com>
From: Elad Efrat <elad@NetBSD.org>
Date: 10/27/2006 13:33:15
Arnaud Lacombe wrote:
> On Fri, Oct 27, 2006 at 12:21:50PM +0900, YAMAMOTO Takashi wrote:
>> my concern is not only about its runtime costs.
>> i concern its code quality as well.
>> for example, when veriexec is compiled in,
>> vn_open uses MAXPATHLEN-sized buffer on kernel stack.
just like lots of other code... but okay, this can be fixed.
> is there any reason to duplicate ndp->ni_dirp ? pathbuf is only used
> when calling veriexec_verify(), which use it only when calling
I guess you could check if it's in userspace and only then copy it...