deprecate the VERIFIED_EXEC option; now only the veriexec pseudo-device is
needed to enable it. While here, some config file tweaks.

tons of input from cube@ (thanks!) and okay blymn@.
elad 2006-07-22 10:34:26 +00:00
parent a6e0095c33
commit a92c1615a4
6 changed files with 53 additions and 54 deletions


@ -1,4 +1,4 @@
# $NetBSD: files,v 1.789 2006/07/14 18:41:40 elad Exp $
# $NetBSD: files,v 1.790 2006/07/22 10:34:26 elad Exp $
# @(#)files.newconf 7.5 (Berkeley) 5/10/93
@ -69,8 +69,7 @@ defflag opt_dkwedge.h DKWEDGE_AUTODISCOVER
DKWEDGE_METHOD_GPT
DKWEDGE_METHOD_MBR
defflag opt_verified_exec.h VERIFIED_EXEC
VERIFIED_EXEC_FP_SHA1
defflag opt_verified_exec.h VERIFIED_EXEC_FP_SHA1
VERIFIED_EXEC_FP_SHA256
VERIFIED_EXEC_FP_SHA384
VERIFIED_EXEC_FP_SHA512
@ -1134,10 +1133,10 @@ defpseudo ippp: isdndev, sppp, ifnet
defpseudo kttcp
file dev/kttcp.c kttcp needs-flag
# Verified exec fingerprint loader pseudo-device
# Veriexec
defpseudo veriexec
file kern/kern_verifiedexec.c veriexec & fileassoc needs-flag
file dev/verified_exec.c veriexec & fileassoc needs-flag
file kern/kern_verifiedexec.c veriexec
file dev/verified_exec.c veriexec
# isochronous pseudo device for IEEE 1394, i.LINK or FireWire
defpseudo fwiso: ieee1394
@ -1244,7 +1243,7 @@ file kern/kern_lock.c
file kern/kern_lwp.c
file kern/kern_malloc.c
file kern/kern_malloc_debug.c malloc_debug
file kern/kern_fileassoc.c fileassoc needs-flag
file kern/kern_fileassoc.c fileassoc
file kern/kern_ntptime.c
file kern/kern_pax.c pax_mprotect
file kern/kern_physio.c
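Review bot: The two veriexec source lines, `file kern/kern_verifiedexec.c veriexec` and `file dev/verified_exec.c veriexec`, drop the former `& fileassoc` requirement, so a config with `pseudo-device veriexec` but no `options FILEASSOC` now passes config(1). If kern_verifiedexec.c still calls the fileassoc_*() interfaces unconditionally (not visible here), such a kernel fails at link time instead of being rejected at config time; if the dependency is real, make it explicit as `defpseudo veriexec: fileassoc`, or restore `veriexec & fileassoc` on both file lines. It would also help readers to extend the `# Veriexec` comment to say that this defpseudo is what now generates NVERIEXEC in veriexec.h, since every consumer in this commit switched from `#ifdef VERIFIED_EXEC` to `#if NVERIEXEC > 0`.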


@ -1,4 +1,4 @@
/* $NetBSD: exec_script.c,v 1.47 2006/05/14 21:15:11 elad Exp $ */
/* $NetBSD: exec_script.c,v 1.48 2006/07/22 10:34:26 elad Exp $ */
/*
* Copyright (c) 1993, 1994, 1996 Christopher G. Demetriou
@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: exec_script.c,v 1.47 2006/05/14 21:15:11 elad Exp $");
__KERNEL_RCSID(0, "$NetBSD: exec_script.c,v 1.48 2006/07/22 10:34:26 elad Exp $");
#if defined(SETUIDSCRIPTS) && !defined(FDSCRIPTS)
#define FDSCRIPTS /* Need this for safe set-id scripts. */
@ -56,9 +56,9 @@ __KERNEL_RCSID(0, "$NetBSD: exec_script.c,v 1.47 2006/05/14 21:15:11 elad Exp $"
#include <sys/exec_script.h>
#include <sys/exec_elf.h>
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
#include <sys/verified_exec.h>
#endif /* VERIFIED_EXEC */
#endif /* NVERIEXEC > 0 */
#ifdef SYSTRACE
#include <sys/systrace.h>
@ -277,11 +277,11 @@ check_shell:
scriptvp = epp->ep_vp;
oldpnbuf = epp->ep_ndp->ni_cnd.cn_pnbuf;
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
if ((error = check_exec(l, epp, VERIEXEC_INDIRECT)) == 0) {
#else
if ((error = check_exec(l, epp, 0)) == 0) {
#endif
#endif /* NVERIEXEC > 0 */
/* note that we've clobbered the header */
epp->ep_flags |= EXEC_DESTR|EXEC_HASES;


@ -1,4 +1,4 @@
/* $NetBSD: init_main.c,v 1.272 2006/07/14 22:44:28 kardel Exp $ */
/* $NetBSD: init_main.c,v 1.273 2006/07/22 10:34:26 elad Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1991, 1992, 1993
@ -71,7 +71,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.272 2006/07/14 22:44:28 kardel Exp $");
__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.273 2006/07/22 10:34:26 elad Exp $");
#include "opt_ipsec.h"
#include "opt_kcont.h"
@ -141,9 +141,9 @@ __KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.272 2006/07/14 22:44:28 kardel Exp $
#ifdef LKM
#include <sys/lkm.h>
#endif
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
#include <sys/verified_exec.h>
#endif
#endif /* NVERIEXEC > 0 */
#include <sys/kauth.h>
#include <net80211/ieee80211_netbsd.h>
@ -337,13 +337,13 @@ main(void)
fileassoc_init();
#endif /* FILEASSOC */
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
/*
* Initialise the fingerprint operations vectors before
* fingerprints can be loaded.
*/
veriexec_init_fp_ops();
#endif
#endif /* NVERIEXEC > 0 */
/* Attach pseudo-devices. */
for (pdev = pdevinit; pdev->pdev_attach != NULL; pdev++)


@ -1,4 +1,4 @@
/* $NetBSD: kern_exec.c,v 1.221 2006/07/19 21:11:37 ad Exp $ */
/* $NetBSD: kern_exec.c,v 1.222 2006/07/22 10:34:26 elad Exp $ */
/*-
* Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou
@ -33,7 +33,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.221 2006/07/19 21:11:37 ad Exp $");
__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.222 2006/07/22 10:34:26 elad Exp $");
#include "opt_ktrace.h"
#include "opt_syscall_debug.h"
@ -65,9 +65,9 @@ __KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.221 2006/07/19 21:11:37 ad Exp $");
#include <sys/sa.h>
#include <sys/savar.h>
#include <sys/syscallargs.h>
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
#include <sys/verified_exec.h>
#endif
#endif /* NVERIEXEC > 0 */
#ifdef SYSTRACE
#include <sys/systrace.h>
@ -285,11 +285,11 @@ check_exec(struct lwp *l, struct exec_package *epp, int flag)
VOP_UNLOCK(vp, 0);
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
if ((error = veriexec_verify(l, vp, epp->ep_ndp->ni_dirp, flag,
NULL)) != 0)
goto bad2;
#endif
#endif /* NVERIEXEC > 0 */
/* now we have the file, get the exec header */
uvn_attach(vp, VM_PROT_READ);
@ -487,11 +487,11 @@ execve1(struct lwp *l, const char *path, char * const *args,
#endif
/* see if we can run it. */
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
if ((error = check_exec(l, &pack, VERIEXEC_DIRECT)) != 0)
#else
if ((error = check_exec(l, &pack, 0)) != 0)
#endif
#endif /* NVERIEXEC > 0 */
goto freehdr;
/* XXX -- THE FOLLOWING SECTION NEEDS MAJOR CLEANUP */
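Review bot: Every guard in this file became `#if NVERIEXEC > 0`, but none of the hunks shown adds `#include "veriexec.h"`, the config-generated header that defines NVERIEXEC for the new defpseudo. If that include is missing earlier in the file, the preprocessor evaluates the undefined NVERIEXEC as 0 and both the `veriexec_verify()` call in check_exec() and the VERIEXEC_DIRECT path in execve1() silently compile out, so a kernel built with `pseudo-device veriexec` performs no exec fingerprint checks and nothing warns about it. Add `#include "veriexec.h"` next to the other generated headers (`#include "opt_ktrace.h"`, `#include "opt_syscall_debug.h"`), and consider a `#ifndef NVERIEXEC` / `#error "veriexec.h not included"` guard or building with -Wundef so a fail-open of this kind cannot recur. Both check_exec() and execve1() start and end outside the hunks shown.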


@ -1,4 +1,4 @@
/* $NetBSD: vfs_syscalls.c,v 1.255 2006/07/20 16:18:14 christos Exp $ */
/* $NetBSD: vfs_syscalls.c,v 1.256 2006/07/22 10:34:26 elad Exp $ */
/*
* Copyright (c) 1989, 1993
@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.255 2006/07/20 16:18:14 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.256 2006/07/22 10:34:26 elad Exp $");
#include "opt_compat_netbsd.h"
#include "opt_compat_43.h"
@ -69,9 +69,9 @@ __KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.255 2006/07/20 16:18:14 christos
#ifdef FILEASSOC
#include <sys/fileassoc.h>
#endif /* FILEASSOC */
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
#include <sys/verified_exec.h>
#endif /* VERIFIED_EXEC */
#endif /* NVERIEXEC > 0 */
#include <sys/kauth.h>
#include <miscfs/genfs/genfs.h>
@ -550,7 +550,7 @@ dounmount(struct mount *mp, int flags, struct lwp *l)
int async;
int used_syncer;
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
if (!doing_shutdown) {
if (veriexec_strict >= 3) {
printf("Veriexec: Lockdown mode, preventing unmount of"
@ -573,7 +573,7 @@ dounmount(struct mount *mp, int flags, struct lwp *l)
}
}
}
#endif /* VERIFIED_EXEC */
#endif /* NVERIEXEC > 0 */
#ifdef FILEASSOC
(void)fileassoc_table_delete(mp);
@ -2023,7 +2023,7 @@ restart:
goto out;
}
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
/* Handle remove requests for veriexec entries. */
if ((error = veriexec_removechk(l, vp, nd.ni_dirp)) != 0) {
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
@ -2034,8 +2034,8 @@ restart:
vput(vp);
goto out;
}
#endif /* VERIFIED_EXEC */
#endif /* NVERIEXEC > 0 */
if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) {
VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd);
if (nd.ni_dvp == vp)
@ -3355,11 +3355,11 @@ rename_files(const char *from, const char *to, struct lwp *l, int retain)
error = -1;
}
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
if (!error)
error = veriexec_renamechk(fvp, tvp, fromnd.ni_dirp,
tond.ni_dirp, l);
#endif /* VERIFIED_EXEC */
#endif /* NVERIEXEC > 0 */
out:
p = l->l_proc;


@ -1,4 +1,4 @@
/* $NetBSD: vfs_vnops.c,v 1.114 2006/07/16 18:49:29 elad Exp $ */
/* $NetBSD: vfs_vnops.c,v 1.115 2006/07/22 10:34:26 elad Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1993
@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: vfs_vnops.c,v 1.114 2006/07/16 18:49:29 elad Exp $");
__KERNEL_RCSID(0, "$NetBSD: vfs_vnops.c,v 1.115 2006/07/22 10:34:26 elad Exp $");
#include "opt_verified_exec.h"
@ -72,9 +72,9 @@ __KERNEL_RCSID(0, "$NetBSD: vfs_vnops.c,v 1.114 2006/07/16 18:49:29 elad Exp $")
int (*vn_union_readdir_hook) (struct vnode **, struct file *, struct lwp *);
#endif
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
#include <sys/verified_exec.h>
#endif
#endif /* NVERIEXEC > 0 */
static int vn_read(struct file *fp, off_t *offset, struct uio *uio,
kauth_cred_t cred, int flags);
@ -104,15 +104,15 @@ vn_open(struct nameidata *ndp, int fmode, int cmode)
kauth_cred_t cred = l->l_proc->p_cred;
struct vattr va;
int error;
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
struct veriexec_file_entry *vfe = NULL;
char pathbuf[MAXPATHLEN];
size_t pathlen;
int (*copyfun)(const void *, void *, size_t, size_t *) =
ndp->ni_segflg == UIO_SYSSPACE ? copystr : copyinstr;
#endif /* VERIFIED_EXEC */
#endif /* NVERIEXEC > 0 */
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
error = (*copyfun)(ndp->ni_dirp, pathbuf, sizeof(pathbuf), &pathlen);
if (error) {
if (veriexec_verbose >= 1)
@ -121,7 +121,7 @@ vn_open(struct nameidata *ndp, int fmode, int cmode)
return (error);
}
#endif /* VERIFIED_EXEC */
#endif /* NVERIEXEC > 0 */
restart:
if (fmode & O_CREAT) {
@ -133,7 +133,7 @@ restart:
if ((error = namei(ndp)) != 0)
return (error);
if (ndp->ni_vp == NULL) {
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
/* Lockdown mode: Prevent creation of new files. */
if (veriexec_strict >= 3) {
VOP_ABORTOP(ndp->ni_dvp, &ndp->ni_cnd);
@ -146,7 +146,7 @@ restart:
error = EPERM;
goto bad;
}
#endif /* VERIFIED_EXEC */
#endif /* NVERIEXEC > 0 */
VATTR_NULL(&va);
va.va_type = VREG;
@ -201,17 +201,17 @@ restart:
goto bad;
}
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
if ((error = VOP_GETATTR(vp, &va, cred, l)) != 0)
goto bad;
#endif
#endif /* NVERIEXEC > 0 */
if ((fmode & O_CREAT) == 0) {
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
if ((error = veriexec_verify(l, vp, pathbuf,
VERIEXEC_FILE, &vfe)) != 0)
goto bad;
#endif
#endif /* NVERIEXEC > 0 */
if (fmode & FREAD) {
if ((error = VOP_ACCESS(vp, VREAD, cred, l)) != 0)
@ -226,7 +226,7 @@ restart:
if ((error = vn_writechk(vp)) != 0 ||
(error = VOP_ACCESS(vp, VWRITE, cred, l)) != 0)
goto bad;
#ifdef VERIFIED_EXEC
#if NVERIEXEC > 0
if (vfe != NULL) {
veriexec_report("Write access request.",
pathbuf, l, REPORT_NOVERBOSE,
@ -240,7 +240,7 @@ restart:
vfe->status = FINGERPRINT_NOTEVAL;
}
}
#endif
#endif /* NVERIEXEC > 0 */
}
}
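Review bot: vn_open() now keys its lockdown-mode file-creation refusal, the `veriexec_verify(..., VERIEXEC_FILE, &vfe)` check and the write-access `FINGERPRINT_NOTEVAL` invalidation on `#if NVERIEXEC > 0`, yet the only generated header visible in this file is the retained `#include "opt_verified_exec.h"`, which defines the VERIFIED_EXEC_FP_* options rather than NVERIEXEC. Unless `#include "veriexec.h"` is present further up (not shown), an undefined NVERIEXEC makes all of these guards false and the checks disappear from a veriexec-enabled kernel without any diagnostic. Adding `#include "veriexec.h"` beside `#include "opt_verified_exec.h"` closes that gap. vn_open() continues past the last hunk.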