Subject: Re: veriexecgen: removing duplicate files
To: None <>
From: YAMAMOTO Takashi <>
List: tech-userlevel
Date: 10/30/2006 09:23:21
> YAMAMOTO Takashi wrote:
> >> Hi, currently veriexecgen will create a seperate entry in a fingerprintdb file 
> >> for hard-links. The attached patch only adds one entry per inode/device number.
> >> Is it safe to use inode/device pairs for this purpose? Comments?
> > 
> > what's the point to exclude hardlinks?
> just a way to keep files smaller; it doesn't really matter because
> veriexec will handle it okay regardless...
> -e.

1. consider the following two are hardlinks of the same binary.


2. you run fpgen for /bin/*.  it creates a db which only contains /bin/foo.

3. someone removes /bin/bar and installs another version of /bin/bar.

4. now the db doesn't cover /bin/bar.

isn't it a problem?
(i don't claim i understand the model of veriexec. :-)