Subject: Re: veriexec logs
To: None <dlagno@mail.nnov.ru>
From: Jaromir Dolecek <jdolecek@NetBSD.org>
List: current-users
Date: 03/10/2004 14:33:36
dlagno@mail.nnov.ru wrote:
> No older than 5-7 days. I see CVS logs say that veriexec entry was fixed
> in January. But there is no mention about veriexec in my /dev/MAKEDEV.
> While src/etc/MAKEDEV.tmpl contains some entry about it. My /dev/MAKEDEV
> is just from etc.tgz which was built by ./build.sh -someflags
> distribution sets
Which architecture are you using?
Jaromir
> > > Only messages about mismatched fingerprints are really always
> > > important. Messages about lacking fingerprint may be not so
> > > interesting but they also go as "kern.crit". Those messages can
> > > junk up logs.
> >
> > No, I don't think you are correct on that. Lacking a fingerprint
> > *should* not happen once the fingerprints have been loaded into the
> > kernel. If you have securelevel at 3 then those executables would be
> > denied execution. Lacking a fingerprint should be an indication that
> > someone is trying to run something that has not been made part of the
> > trusted computing base and as such the incident should be investigated
> > and acted on.
>
> OK, I see. But you certainly will have junked up logs if you try to
> rebuild system with tools on machine with veriexec turned on :)
>
--
Jaromir Dolecek <jdolecek@NetBSD.org> http://www.NetBSD.cz/
-=- We should be mindful of the potential goal, but as the Buddhist -=-
-=- masters say, ``You may notice during meditation that you -=-
-=- sometimes levitate or glow. Do not let this distract you.'' -=-