Subject: Re: nfs optimization and veriexec
To: None <elad@bsd.org.il>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-security
Date: 11/12/2007 09:55:15

> YAMAMOTO Takashi wrote:
> 
> > yes, but i really don't want to have veriexec specific code in
> > each filesystem.  can't veriexec be modified to deal with it?
> 
> For a while I've been wanting to modify the way Veriexec does some
> things, namely the check of strict level in dev/verified_exec.c, by
> adding a kauth(9) scope for it to perform operations on.
> 
> Perhaps it's a good time to introduce said scope, and add an action
> to indicate whether the NFS optimization can take place. Would that
> work for you?

i'm not sure what you mean by "an action to indicate whether the
NFS optimization can take place."
do you mean to make nfs call kauth_authorize_foo with the action?

> The only thing I'm wondering about is what the kernel would do in
> case Veriexec is not even compiled in... maybe just put in weak-aliased
> stubs (similar to secmodel_start() in kern/init_main.c).
> 
> (perhaps having a file that is always compiled and contains weak-aliased
> always-allow stubs for when conditionally compiled in scopes are not
> compiled in is appropriate? :)
> 
> -e.

i don't understand how it matters.
do you mean a very veriexec specific scope which doesn't make sense at all
unless veriexec is compiled in?

YAMAMOTO Takashi