YAMAMOTO Takashi wrote:

> 1. consider the following two are hardlinks of the same binary.
> 
> 	/bin/foo
> 	/bin/bar
> 
> 2. you run fpgen for /bin/*.  it creates a db which only contains /bin/foo.
> 
> 3. someone removes /bin/bar and installs another version of /bin/bar.
> 
> 4. now the db doesn't cover /bin/bar.
> 
> isn't it a problem?
> (i don't claim i understand the model of veriexec. :-)

yep. the duplication check code was really there because the kernel was
bombing with messages. I just changed it a bit so it's less of an
annoyance, removing the need for (well, unless someone *really* wants to
do it :) duplicate entry checks in veriexecgen.

-e.

-- 
Elad Efrat