Subject: Re: veriexecgen: removing duplicate files
To: YAMAMOTO Takashi <email@example.com>
From: Elad Efrat <elad@NetBSD.org>
Date: 10/30/2006 02:31:56
YAMAMOTO Takashi wrote:
> 1. consider the following two are hardlinks of the same binary.
> 2. you run fpgen for /bin/*. it creates a db which only contains /bin/foo.
> 3. someone removes /bin/bar and installs another version of /bin/bar.
> 4. now the db doesn't cover /bin/bar.
> isn't it a problem?
> (i don't claim i understand the model of veriexec. :-)
yep. the duplication check code was really there because the kernel was
bombing with messages. I just changed it a bit so it's less of an
annoyance, removing the need for (well, unless someone *really* wants to
do it :) duplicate entry checks in veriexecgen.