From a92c1615a47e06009e9d893be6ddc45b18807944 Mon Sep 17 00:00:00 2001 From: elad Date: Sat, 22 Jul 2006 10:34:26 +0000 Subject: [PATCH] deprecate the VERIFIED_EXEC option; now we only need the pseudo-device to enable it. while here, some config file tweaks. tons of input from cube@ (thanks!) and okay blymn@. --- sys/conf/files | 13 ++++++------- sys/kern/exec_script.c | 12 ++++++------ sys/kern/init_main.c | 12 ++++++------ sys/kern/kern_exec.c | 16 ++++++++-------- sys/kern/vfs_syscalls.c | 22 +++++++++++----------- sys/kern/vfs_vnops.c | 32 ++++++++++++++++---------------- 6 files changed, 53 insertions(+), 54 deletions(-) diff --git a/sys/conf/files b/sys/conf/files index d6d91b6c26a6..adf56e99c4c2 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -1,4 +1,4 @@ -# $NetBSD: files,v 1.789 2006/07/14 18:41:40 elad Exp $ +# $NetBSD: files,v 1.790 2006/07/22 10:34:26 elad Exp $ # @(#)files.newconf 7.5 (Berkeley) 5/10/93 @@ -69,8 +69,7 @@ defflag opt_dkwedge.h DKWEDGE_AUTODISCOVER DKWEDGE_METHOD_GPT DKWEDGE_METHOD_MBR -defflag opt_verified_exec.h VERIFIED_EXEC - VERIFIED_EXEC_FP_SHA1 +defflag opt_verified_exec.h VERIFIED_EXEC_FP_SHA1 VERIFIED_EXEC_FP_SHA256 VERIFIED_EXEC_FP_SHA384 VERIFIED_EXEC_FP_SHA512 @@ -1134,10 +1133,10 @@ defpseudo ippp: isdndev, sppp, ifnet defpseudo kttcp file dev/kttcp.c kttcp needs-flag -# Verified exec fingerprint loader pseudo-device +# Veriexec defpseudo veriexec -file kern/kern_verifiedexec.c veriexec & fileassoc needs-flag -file dev/verified_exec.c veriexec & fileassoc needs-flag +file kern/kern_verifiedexec.c veriexec +file dev/verified_exec.c veriexec # isochronous pseudo device for IEEE 1394, i.LINK or FireWire defpseudo fwiso: ieee1394 
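Review bot: In the veriexec block of sys/conf/files, both `file` lines lose `needs-flag` in the same commit that switches the C files to `#if NVERIEXEC > 0`, so please confirm that config(1) still emits a definition of NVERIEXEC. As far as I know the `N<name>` count header is only generated for files marked `needs-flag` or `needs-count`; if that holds here I would keep the flag, e.g. `file kern/kern_verifiedexec.c veriexec needs-flag`. The same two lines also drop `& fileassoc`, while `defpseudo veriexec` declares no dependency in this hunk and `kern/kern_fileassoc.c` is still conditional on `fileassoc`. A configuration with the pseudo-device but without fileassoc would therefore presumably build the veriexec sources without the code they sit on, so a comment naming the required option would help.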
@@ -1244,7 +1243,7 @@ file kern/kern_lock.c file kern/kern_lwp.c file kern/kern_malloc.c file kern/kern_malloc_debug.c malloc_debug -file kern/kern_fileassoc.c fileassoc needs-flag +file kern/kern_fileassoc.c fileassoc file kern/kern_ntptime.c file kern/kern_pax.c pax_mprotect file kern/kern_physio.c diff --git a/sys/kern/exec_script.c b/sys/kern/exec_script.c index abf5d0c32810..b680095a9ab9 100644 --- a/sys/kern/exec_script.c +++ b/sys/kern/exec_script.c @@ -1,4 +1,4 @@ -/* $NetBSD: exec_script.c,v 1.47 2006/05/14 21:15:11 elad Exp $ */ +/* $NetBSD: exec_script.c,v 1.48 2006/07/22 10:34:26 elad Exp $ */ /* * Copyright (c) 1993, 1994, 1996 Christopher G. Demetriou @@ -31,7 +31,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: exec_script.c,v 1.47 2006/05/14 21:15:11 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: exec_script.c,v 1.48 2006/07/22 10:34:26 elad Exp $"); #if defined(SETUIDSCRIPTS) && !defined(FDSCRIPTS) #define FDSCRIPTS /* Need this for safe set-id scripts. */ @@ -56,9 +56,9 @@ __KERNEL_RCSID(0, "$NetBSD: exec_script.c,v 1.47 2006/05/14 21:15:11 elad Exp $" #include #include -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 #include -#endif /* VERIFIED_EXEC */ +#endif /* NVERIEXEC > 0 */ #ifdef SYSTRACE #include @@ -277,11 +277,11 @@ check_shell: scriptvp = epp->ep_vp; oldpnbuf = epp->ep_ndp->ni_cnd.cn_pnbuf; -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 if ((error = check_exec(l, epp, VERIEXEC_INDIRECT)) == 0) { #else if ((error = check_exec(l, epp, 0)) == 0) { -#endif +#endif /* NVERIEXEC > 0 */ /* note that we've clobbered the header */ epp->ep_flags |= EXEC_DESTR|EXEC_HASES; diff --git a/sys/kern/init_main.c b/sys/kern/init_main.c index 1345495111c5..350e1b5cb47f 100644 --- a/sys/kern/init_main.c +++ b/sys/kern/init_main.c @@ -1,4 +1,4 @@ -/* $NetBSD: init_main.c,v 1.272 2006/07/14 22:44:28 kardel Exp $ */ +/* $NetBSD: init_main.c,v 1.273 2006/07/22 10:34:26 elad Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1991, 1992, 1993 
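Review bot: The new `#if NVERIEXEC > 0` around `check_exec(l, epp, VERIEXEC_INDIRECT)` in exec_script.c fails open if NVERIEXEC is not defined in this translation unit, because the preprocessor treats an undefined identifier in `#if` as 0 and silently selects `check_exec(l, epp, 0)`. None of the visible hunks adds an include for the header that defines NVERIEXEC, though it may already be included outside the hunks. I would make the guard fail closed by adding, next to the includes, `#ifndef NVERIEXEC` / `#error "NVERIEXEC is not defined"` / `#endif`. The same applies to the guards changed in init_main.c, kern_exec.c, vfs_syscalls.c and vfs_vnops.c, where they cover veriexec_init_fp_ops(), veriexec_verify(), veriexec_removechk() and veriexec_renamechk(). The enclosing function starts and ends outside the hunk.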
@@ -71,7 +71,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.272 2006/07/14 22:44:28 kardel Exp $"); +__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.273 2006/07/22 10:34:26 elad Exp $"); #include "opt_ipsec.h" #include "opt_kcont.h" @@ -141,9 +141,9 @@ __KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.272 2006/07/14 22:44:28 kardel Exp $ #ifdef LKM #include #endif -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 #include -#endif +#endif /* NVERIEXEC > 0 */ #include #include @@ -337,13 +337,13 @@ main(void) fileassoc_init(); #endif /* FILEASSOC */ -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 /* * Initialise the fingerprint operations vectors before * fingerprints can be loaded. */ veriexec_init_fp_ops(); -#endif +#endif /* NVERIEXEC > 0 */ /* Attach pseudo-devices. */ for (pdev = pdevinit; pdev->pdev_attach != NULL; pdev++) diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 346798f57a8c..48c52fc3c1b0 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -1,4 +1,4 @@ -/* $NetBSD: kern_exec.c,v 1.221 2006/07/19 21:11:37 ad Exp $ */ +/* $NetBSD: kern_exec.c,v 1.222 2006/07/22 10:34:26 elad Exp $ */ /*- * Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou @@ -33,7 +33,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.221 2006/07/19 21:11:37 ad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.222 2006/07/22 10:34:26 elad Exp $"); #include "opt_ktrace.h" #include "opt_syscall_debug.h" @@ -65,9 +65,9 @@ __KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.221 2006/07/19 21:11:37 ad Exp $"); #include #include #include -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 #include -#endif +#endif /* NVERIEXEC > 0 */ #ifdef SYSTRACE #include 
@@ -285,11 +285,11 @@ check_exec(struct lwp *l, struct exec_package *epp, int flag) VOP_UNLOCK(vp, 0); -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 if ((error = veriexec_verify(l, vp, epp->ep_ndp->ni_dirp, flag, NULL)) != 0) goto bad2; -#endif +#endif /* NVERIEXEC > 0 */ /* now we have the file, get the exec header */ uvn_attach(vp, VM_PROT_READ); @@ -487,11 +487,11 @@ execve1(struct lwp *l, const char *path, char * const *args, #endif /* see if we can run it. */ -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 if ((error = check_exec(l, &pack, VERIEXEC_DIRECT)) != 0) #else if ((error = check_exec(l, &pack, 0)) != 0) -#endif +#endif /* NVERIEXEC > 0 */ goto freehdr; /* XXX -- THE FOLLOWING SECTION NEEDS MAJOR CLEANUP */ diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 6f40e15576c7..1b3b787c1824 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_syscalls.c,v 1.255 2006/07/20 16:18:14 christos Exp $ */ +/* $NetBSD: vfs_syscalls.c,v 1.256 2006/07/22 10:34:26 elad Exp $ */ /* * Copyright (c) 1989, 1993 @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.255 2006/07/20 16:18:14 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.256 2006/07/22 10:34:26 elad Exp $"); #include "opt_compat_netbsd.h" #include "opt_compat_43.h" @@ -69,9 +69,9 @@ __KERNEL_RCSID(0, "$NetBSD: vfs_syscalls.c,v 1.255 2006/07/20 16:18:14 christos #ifdef FILEASSOC #include #endif /* FILEASSOC */ -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 #include -#endif /* VERIFIED_EXEC */ +#endif /* NVERIEXEC > 0 */ #include #include @@ -550,7 +550,7 @@ dounmount(struct mount *mp, int flags, struct lwp *l) int async; int used_syncer; -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 if (!doing_shutdown) { if (veriexec_strict >= 3) { printf("Veriexec: Lockdown mode, preventing unmount of" 
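Review bot: In check_exec() in kern_exec.c, `veriexec_verify(l, vp, epp->ep_ndp->ni_dirp, flag, NULL)` is handed the raw `ni_dirp` pointer, whereas vn_open() in vfs_vnops.c first copies the name into a kernel buffer with `copystr`/`copyinstr` chosen by `ni_segflg` and passes that `pathbuf`. If `ni_dirp` can be a user-space address on the exec path (the NDINIT call is not visible here), veriexec_verify would read the name without a copyin. Please confirm, and if it can, copy the name in first as vn_open() does, or at least mark the call with `/* XXX ni_dirp may be a user-space pointer; copy it in before passing it to veriexec_verify() */`. The call also comes right after `VOP_UNLOCK(vp, 0)`, so a short comment on why the fingerprint check is safe on an unlocked vnode would help. check_exec() starts and ends outside the hunk.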
@@ -573,7 +573,7 @@ dounmount(struct mount *mp, int flags, struct lwp *l) } } } -#endif /* VERIFIED_EXEC */ +#endif /* NVERIEXEC > 0 */ #ifdef FILEASSOC (void)fileassoc_table_delete(mp); @@ -2023,7 +2023,7 @@ restart: goto out; } -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 /* Handle remove requests for veriexec entries. */ if ((error = veriexec_removechk(l, vp, nd.ni_dirp)) != 0) { VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd); @@ -2034,8 +2034,8 @@ restart: vput(vp); goto out; } -#endif /* VERIFIED_EXEC */ - +#endif /* NVERIEXEC > 0 */ + if (vn_start_write(nd.ni_dvp, &mp, V_NOWAIT) != 0) { VOP_ABORTOP(nd.ni_dvp, &nd.ni_cnd); if (nd.ni_dvp == vp) @@ -3355,11 +3355,11 @@ rename_files(const char *from, const char *to, struct lwp *l, int retain) error = -1; } -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 if (!error) error = veriexec_renamechk(fvp, tvp, fromnd.ni_dirp, tond.ni_dirp, l); -#endif /* VERIFIED_EXEC */ +#endif /* NVERIEXEC > 0 */ out: p = l->l_proc; diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index b87d2832940c..aad4b3f1acb9 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -1,4 +1,4 @@ -/* $NetBSD: vfs_vnops.c,v 1.114 2006/07/16 18:49:29 elad Exp $ */ +/* $NetBSD: vfs_vnops.c,v 1.115 2006/07/22 10:34:26 elad Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: vfs_vnops.c,v 1.114 2006/07/16 18:49:29 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: vfs_vnops.c,v 1.115 2006/07/22 10:34:26 elad Exp $"); #include "opt_verified_exec.h" @@ -72,9 +72,9 @@ __KERNEL_RCSID(0, "$NetBSD: vfs_vnops.c,v 1.114 2006/07/16 18:49:29 elad Exp $") int (*vn_union_readdir_hook) (struct vnode **, struct file *, struct lwp *); #endif -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 #include -#endif +#endif /* NVERIEXEC > 0 */ static int vn_read(struct file *fp, off_t *offset, struct uio *uio, kauth_cred_t cred, int flags); 
@@ -104,15 +104,15 @@ vn_open(struct nameidata *ndp, int fmode, int cmode) kauth_cred_t cred = l->l_proc->p_cred; struct vattr va; int error; -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 struct veriexec_file_entry *vfe = NULL; char pathbuf[MAXPATHLEN]; size_t pathlen; int (*copyfun)(const void *, void *, size_t, size_t *) = ndp->ni_segflg == UIO_SYSSPACE ? copystr : copyinstr; -#endif /* VERIFIED_EXEC */ +#endif /* NVERIEXEC > 0 */ -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 error = (*copyfun)(ndp->ni_dirp, pathbuf, sizeof(pathbuf), &pathlen); if (error) { if (veriexec_verbose >= 1) @@ -121,7 +121,7 @@ vn_open(struct nameidata *ndp, int fmode, int cmode) return (error); } -#endif /* VERIFIED_EXEC */ +#endif /* NVERIEXEC > 0 */ restart: if (fmode & O_CREAT) { @@ -133,7 +133,7 @@ restart: if ((error = namei(ndp)) != 0) return (error); if (ndp->ni_vp == NULL) { -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 /* Lockdown mode: Prevent creation of new files. */ if (veriexec_strict >= 3) { VOP_ABORTOP(ndp->ni_dvp, &ndp->ni_cnd); @@ -146,7 +146,7 @@ restart: error = EPERM; goto bad; } -#endif /* VERIFIED_EXEC */ +#endif /* NVERIEXEC > 0 */ VATTR_NULL(&va); va.va_type = VREG; @@ -201,17 +201,17 @@ restart: goto bad; } -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 if ((error = VOP_GETATTR(vp, &va, cred, l)) != 0) goto bad; -#endif +#endif /* NVERIEXEC > 0 */ if ((fmode & O_CREAT) == 0) { -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 if ((error = veriexec_verify(l, vp, pathbuf, VERIEXEC_FILE, &vfe)) != 0) goto bad; -#endif +#endif /* NVERIEXEC > 0 */ if (fmode & FREAD) { if ((error = VOP_ACCESS(vp, VREAD, cred, l)) != 0) @@ -226,7 +226,7 @@ restart: if ((error = vn_writechk(vp)) != 0 || (error = VOP_ACCESS(vp, VWRITE, cred, l)) != 0) goto bad; -#ifdef VERIFIED_EXEC +#if NVERIEXEC > 0 if (vfe != NULL) { veriexec_report("Write access request.", pathbuf, l, REPORT_NOVERBOSE, @@ -240,7 +240,7 @@ restart: vfe->status = FINGERPRINT_NOTEVAL; } } -#endif +#endif /* NVERIEXEC > 0 */ } }
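Review bot: In vn_open(), `pathbuf` is filled from `ndp->ni_dirp` before the `restart:` label and the lookup then runs `namei(ndp)` on the same nameidata, so the name veriexec sees is a separate copy from the one that is resolved. If namei() fetches the string from user space again (not visible in these hunks), the two can differ, and the text given to `veriexec_verify(l, vp, pathbuf, VERIEXEC_FILE, &vfe)` and `veriexec_report()` would not describe the vnode that was opened. I would add a comment at the declaration, e.g. `/* pathbuf: separate copy of ni_dirp, used as a label only; the check itself is on vp */`, after confirming that this is how veriexec_verify uses it. `char pathbuf[MAXPATHLEN]` also puts a path-sized buffer on the kernel stack for every open. vn_open() starts before and continues past these hunks.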