Subject: EFAULT in veriexecctl(8) in do_ioctl()
To: None <>
From: Edward B. Dreger <>
List: tech-userlevel
Date: 05/05/2005 16:21:13
Greetings all,

I hope this isn't so basic that it belongs on netbsd-help, or so
involved that I should send a PR.  Feel free to point me in the correct
direction if needed.

* New 2.0.2 system
* veriexecctl(8) fails with EFAULT in do_ioctl().

My troubles began with 2.0 on a different system, where /etc/signatures
seemed not to be loaded.  I tried manually running veriexecctl(8) after
bootup, was discouraged by EPERM, presumed it was newbie-itis, and
decided to try again another time.

Fast forward 3-4 months to today.  I compiled the kernel with "options
insecure" to hold securelevel at -1.  Now when I run veriexecctl(8)
after boot, EPERM is gone (as expected), but has been replaced by

The system has compiled several kernels flawlessly, so I don't think
it's wonky CPU/MB/PS/RAM, but I won't swear to it 100%.  I'll post dmesg
output if that would be useful, but my gut feeling tells me there might
be something amiss with the VERIEXECLOAD ioctl() handler.

Any quick suggestions or comments, or should I dig into kernel source?
I hesitate to scream "broken!" re a major feature on a production
release, but am puzzled what else could be the culprit.

Everquick Internet -
A division of Brotsman & Dreger, Inc. -
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
DO NOT send mail to the following addresses: -*- -*-
Sending mail to spambait addresses is a great way to get blocked.
Ditto for broken OOO autoresponders and foolish AV software backscatter.