Subject: Re: nfs optimization and veriexec
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Elad Efrat <elad@NetBSD.org>
List: tech-security
Date: 12/22/2007 03:52:59

YAMAMOTO Takashi wrote:
>> That out of the way, it seems that this problem only applies to remote
>> file-systems, even if the "create" semantics are changed. Correct me if
>> I'm wrong, but the local file-system implementation will always know
>> when it's going to create a file or just open it -- even if the VFS
>> layer issues a "create if doesn't exist". Presuming that's the case,
>> wouldn't it be possible to add a kauth(9) scope allowing subsystems like
>> Veriexec to listen to, potentially blocking events?
>
> it isn't clear to me why the distinction is that important for veriexec.
> can you explain?

I think of it more towards the logging part, so Veriexec can't tell you
someone tried to create a new file, rather than the actual prevention
that can be achieved with mount read-only.

Not that I have strong feelings about this particular feature; I'm just
interested in if there's a straightforward way to keep it while moving
towards the direction you're talking about. :)

-e.