Subject: Re: nfs optimization and veriexec
To: YAMAMOTO Takashi <>
From: Brett Lymn <>
List: tech-security
Date: 10/29/2007 21:59:06
On Mon, Oct 29, 2007 at 04:38:07PM +0900, YAMAMOTO Takashi wrote:
> [ re-add cc: tech-kern ]

sorry, my bad.

> yes, but i really don't want to have veriexec specific code in
> each filesystems.  can't veriexec be modified to deal with it?

At the moment, I am not sure.  I know that the checks were put in at
the file system specific level back in the days when I used the device
and inode as the unique identifier for the file.  Perhaps we can pull
the check back to the VFS level now that we are using a filehandle for
the unique identifier - iff we can get the filehandle for the file at
the VFS layer then we can probably put the veriexec check in the
appropriate VFS calls and fix the problem.

Brett Lymn
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited.  If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility.  It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer."