The following reply was made to PR kern/35278; it has been noted by GNATS.

From: yamt@mwd.biglobe.ne.jp (YAMAMOTO Takashi)
To: elad@NetBSD.org
Cc: gnats-bugs@NetBSD.org
Subject: Re: kern/35278: veriexec sometimes feeds user va to log(9)
Date: Wed, 20 Dec 2006 18:25:22 +0900 (JST)

 > YAMAMOTO Takashi wrote:
 > >> this is probably because we pass 'ni_dirp' in sys_unlink; possibly other
 > >> places too.
 > >>
 > >> -e.
 > > 
 > > check_exec does it, at least.  i haven't checked others.
 > 
 > attached diff handles the issue in check_exec (for both veriexec and
 > segvguard), sys_unlink, and rename_files.
 > 
 > -e.
 
 i don't think it's a good idea to sprinkle these redundant pnbuf allocation
 and copyinstr.
 
 if you really want to have a functionality to keep a copy of the original
 pathname, it should be done by making namei always use a caller-supplied
 buffer directly (and internal buffer only for symlink handing), rather
 than a hack like this, IMO.
 
 YAMAMOTO Takashi