Subject: Re: veriexecgen: removing duplicate files
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <firstname.lastname@example.org>
Date: 10/30/2006 09:23:21
> YAMAMOTO Takashi wrote:
> >> Hi, currently veriexecgen will create a separate entry in a fingerprintdb file
> >> for hard-links. The attached patch only adds one entry per inode/device number.
> >> Is it safe to use inode/device pairs for this purpose? Comments?
> > what's the point to exclude hardlinks?
> just a way to keep files smaller; it doesn't really matter because
> veriexec will handle it okay regardless...
1. consider the following two are hardlinks of the same binary.
2. you run fpgen for /bin/*. it creates a db which only contains /bin/foo.
3. someone removes /bin/bar and installs another version of /bin/bar.
4. now the db doesn't cover /bin/bar.
isn't it a problem?
(i don't claim i understand the model of veriexec. :-)
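
The scenario in steps 1-4 above, as an added example that is not part of the original message and is not veriexecgen code: a small Python model of a path-keyed fingerprint list, built with and without the one-entry-per-inode/device rule. The names foo and bar follow the message; the helper names, the use of SHA-256 and the dict layout are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_db(paths, one_entry_per_inode):
    """Model of a fingerprint list: {path: digest}.
    With one_entry_per_inode, later hard links to an already seen
    (st_dev, st_ino) pair are skipped, as the patch proposes."""
    db, seen = {}, set()
    for p in paths:
        st = os.lstat(p)
        key = (st.st_dev, st.st_ino)
        if one_entry_per_inode and key in seen:
            continue
        seen.add(key)
        db[p] = digest(p)
    return db

def audit(db, paths):
    """Return (paths with no entry, paths whose digest no longer matches)."""
    uncovered = sorted(os.path.basename(p) for p in paths if p not in db)
    changed = sorted(os.path.basename(p) for p in paths
                     if p in db and db[p] != digest(p))
    return uncovered, changed

def scenario(one_entry_per_inode):
    with tempfile.TemporaryDirectory() as d:
        foo, bar = os.path.join(d, "foo"), os.path.join(d, "bar")
        with open(foo, "wb") as f:
            f.write(b"version 1")          # constructed sample content
        os.link(foo, bar)                  # step 1: two names, one inode
        db = build_db([foo, bar], one_entry_per_inode)   # step 2
        os.remove(bar)                     # step 3: unlink one name...
        with open(bar, "wb") as f:
            f.write(b"version 2")          # ...and install a new file there
        return audit(db, [foo, bar])       # step 4

if __name__ == "__main__":
    print("one entry per inode:", scenario(True))
    print("one entry per path: ", scenario(False))
```

With per-inode deduplication the replaced bar has no entry at all, so the list says nothing about it; with one entry per path the same replacement shows up as a digest mismatch.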