Subject: Re: verified executables
To: Brett Lymn <>
From: Jason Thorpe <>
List: tech-security
Date: 01/26/2006 10:05:55
On Jan 26, 2006, at 3:55 AM, Brett Lymn wrote:

> There are no indications as to whether or not a file is in the
> in-kernel hash tables.  Making such a change would be fairly intrusive
> to the stat structure.  Also, it does mean that an attacker would be
> able to simply determine if a file is protected or not... at the
> moment that is difficult to determine and finding out would leave log
> traces.

Along those lines, it would be nice to have something like Mac OS X's  
getattrlist(2) / setattrlist(2) so that we could have some  
extensibility in this area.

-- thorpej