Subject: Re: Getting rid of /dev/veriexec
To: Elad Efrat <elad@NetBSD.org>
From: Nathan J. Williams <nathanw@wasabisystems.com>
List: tech-kern
Date: 12/02/2005 08:50:13
Elad Efrat <elad@NetBSD.org> writes:

> YAMAMOTO Takashi wrote:
> 
> > why?
> 
> Loading fingerprints to Veriexec is a two-phase process: first you
> create a hash table with N entries, then you load file-by-file from
> /etc/signatures.
> 
> I think that doing this is cleaner by using sysctl(), much like
> how we use sysctl() for the network PCBs, for example.

Let's see. You want to read and write control and bulk data, from a
special-to-the-kernel node in a hierarchical namespace. This totally
smells like reinventing /dev.

> First we sysctl() to create a table, then we sysctl() to add a file
> to the table; we can also sysctl() to remove a file from a table. It's
> simply, to me, a cleaner and more logical interface to this kernel
> feature.

This "cleaner" is clearly a matter of taste.

> 2. If, some day, Veriexec would have the feature of returning the hash
>    for a given file (or any other configuration inspection) it might
>    be desired that a process with root privileges in a chroot cage (...)
>    could be prevented from accessing that information.

This sounds like an argument for leaving it in the filesystem.

        - Nathan