Subject: Re: Getting rid of /dev/veriexec
To: Elad Efrat <elad@NetBSD.org>
From: Nathan J. Williams <nathanw@wasabisystems.com>
List: tech-kern
Date: 12/02/2005 08:50:13

Elad Efrat <elad@NetBSD.org> writes:

> YAMAMOTO Takashi wrote:
>
> > why?
>
> Loading fingerprints to Veriexec is a two-phase process: first you
> create a hash table with N entries, then you load file-by-file from
> /etc/signatures.
>
> I think that doing this is cleaner by using sysctl(), much like
> how we use sysctl() for the network PCBs, for example.

Let's see. You want to read and write control and bulk data, from a
special-to-the-kernel node in a hierarchical namespace. This totally
smells like reinventing /dev.

> First we sysctl() to create a table, then we sysctl() to add a file
> to the table; we can also sysctl() to remove a file from a table. It's
> simply, to me, a cleaner and more logical interface to this kernel
> feature.

This "cleaner" is clearly a matter of taste.

> 2. If, some day, Veriexec would have the feature of returning the hash
> for a given file (or any other configuration inspection) it might
> be desired that a process with root privileges in a chroot cage (...)
> could be prevented from accessing that information.

This sounds like an argument for leaving it in the filesystem.

- Nathan