Subject: Re: Preventative security features?
To: Brett Lymn <blymn@baesystems.com.au>
From: Tim Kelly <hockey@dialectronics.com>
List: tech-security
Date: 11/14/2004 22:05:09
On Mon, 15 Nov 2004 13:20:31 +1030
Brett Lymn <blymn@baesystems.com.au> wrote:

> Awwwww it doesn't count that it's my code? ;)

I figured it'd tweak you if I didn't acknowledge that ;-)

> > Seriously, though, what's the drawback?
> 
> Probably the worst is that it does have a negative impact on file
> opens and that it is a real pain in the butt if you want to change
> things.  The scheme is really meant for specific function machines
> like routers and firewalls where you want to make sure things are not
> changed.

How does it deal with self-modifying code as one might see in a buffer
overflow? Is the fingerprint only valid up to the point the image is
loaded into memory?

> >and is it available across all ports?
> > 
> 
> Not yet.  That is my bad.  I need to do the work to put the
> pseudo-device into all the architectures which is scary for me because
> I can only test 3 architectures (i386, amd64 and sparc).  The actual
> kernel stuff is machine independent, it's just the fingerprint loading
> pseudo-device that is missing.

I'd offer to help, but my hands are full squashing bugs on macppc. Since
it isn't available across ports, can it be justified as a default option
in the kernel?

tim :-)
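As an added illustration of the point under discussion (not code from this thread or from NetBSD's verified exec), a constructed open-time fingerprint check against a manifest: it shows the per-open hashing cost Brett mentions, that on-disk tampering is caught at the next open, and that nothing in such a scheme re-validates the image once it is in memory, which is the limit Tim asks about. Paths, the manifest format and the stand-in binary are assumptions.

```python
import hashlib
import os
import tempfile

# Constructed example: manifest maps path -> SHA-256 of the on-disk image.

def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verified_open(path: str, manifest: dict) -> bytes:
    """Return the file contents only if they match the manifest entry.
    Every open hashes the whole file, which is the cost on file opens."""
    with open(path, "rb") as f:
        data = f.read()
    expected = manifest.get(path)
    if expected is None:
        raise PermissionError(f"{path}: no fingerprint registered")
    if fingerprint(data) != expected:
        raise PermissionError(f"{path}: fingerprint mismatch")
    return data

def demo() -> dict:
    """Show what an open-time check covers and what it does not."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "daemon.bin")
        image = b"\x7fELF constructed stand-in for a binary image"  # constructed
        with open(path, "wb") as f:
            f.write(image)
        manifest = {path: fingerprint(image)}

        loaded = bytearray(verified_open(path, manifest))  # registered image opens

        # Modify the on-disk file: the next open is refused.
        with open(path, "ab") as f:
            f.write(b"\x90")
        try:
            verified_open(path, manifest)
            disk_tamper_caught = False
        except PermissionError:
            disk_tamper_caught = True

        # Modify the already-loaded copy: the manifest no longer matches it,
        # but no hook runs after load, so the change is never observed.
        loaded[0:4] = b"XXXX"
        memory_matches = fingerprint(bytes(loaded)) == manifest[path]

    return {"open_passed": True,
            "disk_tamper_caught": disk_tamper_caught,
            "memory_still_matches": memory_matches,
            "memory_recheck_exists": False}
```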