Subject: Re: what's in a name? fingerprinted exec
To: NetBSD Security Technical Discussion List <tech-security@NetBSD.ORG>
From: Jason R. Fink <>
List: tech-security
Date: 10/16/2002 13:15:01
On Wed, Oct 16, 2002 at 12:35:36PM -0400, Greg A. Woods wrote:
> [ On Wednesday, October 16, 2002 at 11:02:42 (-0400), Jason R. Fink wrote: ]
> > Subject: Re: what's in a name? fingerprinted exec
> >
> > 
> > > > How about "verixec"?  VERIfied eXEC
> > 
> > or vexec ...
> double-yuck!  :-)

yeah, that is yucky, and as was pointed out by someone else it 
seems to pair it off with vfork etc.

> > No we are not, but this involves the actual code as well and I
> > do not like the idea of "verified_exec()" or "kern_verfied_exec.c"
> > (the latter of which breaks a convention).
> No, I don't think the latter would be breaking any (important)
> convention -- it _could_ even be adhering to one in fact.

After looking in kern/ there does not appear to be any convention
other than "identify it somehow" ...

> > veri_exec() and/or kern_vexec.c make more sense from a coding
> > standpoint,

> Saying what you mean in a symbol name (or file name) is equally
> important and there are a plethora of ways to avoid having to type too
> much if that's your concern.

True, but looking close to where the code resides (inside of check_exec())
something like check_verified_exec() looks odd. Maybe just
verify_exec(). Then, the module name could be the same name,
verify_exec.c since it is after all *doing* something, 
check_verified_exec() does not seem very clear to me at all.

Ultimately it is Brett's decision, however, 
At this point verify_exec for the symbol and "Verified Executable"
as a name in "general" seems like a good comprimise.


Jay Fink <>                 
NetBSD Developer <>
Senior SysAdmin/Programmer, Ipsos <>