Subject: Re: what's in a name? fingerprinted exec
To: NetBSD Security Technical Discussion List <tech-security@NetBSD.ORG>
From: Jason R. Fink <firstname.lastname@example.org>
Date: 10/16/2002 13:15:01
On Wed, Oct 16, 2002 at 12:35:36PM -0400, Greg A. Woods wrote:
> [ On Wednesday, October 16, 2002 at 11:02:42 (-0400), Jason R. Fink wrote: ]
> > Subject: Re: what's in a name? fingerprinted exec
> > > > How about "verixec"? VERIfied eXEC
> > or vexec ...
> double-yuck! :-)
yeah, that is yucky, and as was pointed out by someone else it
seems to pair it off with vfork etc.
> > No we are not, but this involves the actual code as well and I
> > do not like the idea of "verified_exec()" or "kern_verfied_exec.c"
> > (the latter of which breaks a convention).
> No, I don't think the latter would be breaking any (important)
> convention -- it _could_ even be adhering to one in fact.
After looking in kern/ there does not appear to be any convention
other than "identify it somehow" ...
> > veri_exec() and/or kern_vexec.c make more sense from a coding
> > standpoint,
> Saying what you mean in a symbol name (or file name) is equally
> important and there are a plethora of ways to avoid having to type too
> much if that's your concern.
True, but looking close to where the code resides (inside of check_exec())
something like check_verified_exec() looks odd. Maybe just
verify_exec(). Then, the module name could be the same name,
verify_exec.c since it is after all *doing* something,
check_verified_exec() does not seem very clear to me at all.
Ultimately it is Brett's decision, however,
At this point verify_exec for the symbol and "Verified Executable"
as a name in "general" seems like a good comprimise.
Jay Fink <http://jrf.odpn.net/>
NetBSD Developer <http://www.netbsd.org/>
Senior SysAdmin/Programmer, Ipsos <http://www.ipsos.com/>