We can now delete an entry from the tables using
veriexecctl delete /path/to/file
or remove an entire table using
veriexecctl delete /mount_point
(any directory will work for the mount point it's on)
This closes a hole pointed out by Thor Lancelot Simon on tech-kern ~3
years ago.
The problem was with running binaries from remote storage, where our
kernel (and Veriexec) has no control over any changes to files.
An attacker could, after the fingerprint has been verified and
program loaded to memory, inject malicious code into the backing
store on the remote storage, followed by a forced flush, causing
a page-in of the malicious data from backing store, bypassing
integrity checks.
Initial implementation by Brett Lymn.
- Verified Exec -> Veriexec
- pseudo-device is `veriexec'
- veriexec.conf -> signatures, and mention /etc/signatures as the default
location
- We use veriexec's strict level, not the system securelevel
- Mention the `direct' option
- Mention that the signatures file can have multiple options in a single
entry, comma-separated
- Mention that both `direct' and `indirect' access modes are implied
if no access modes are explicitly mention in the options
- Bump date
- Report line numbers correctly.
- Don't perform a 2nd pass when there are were errors during 1st.
- Support multiple, comma-separated flags. This is mostly a reworking of
some parser internals preparing for planned features.
Use -I${.CURDIR} instead of -I. to support placement of objects elsewhere.
Make sure arguments to ctype functions are unsigned char by changing the
type of one function argument.
Fix "local declaration shadows global" warnings by renaming variables.
Fix printing of size_t variable to use %zu format instead of %u.
* We now use hash tables instead of a list to store the in kernel
fingerprints.
* Fingerprint methods handling has been made more flexible, it is now
even simpler to add new methods.
* the loader no longer passes in magic numbers representing the
fingerprint method so veriexecctl is not longer kernel specific.
* fingerprint methods can be tailored out using options in the kernel
config file.
* more fingerprint methods added - rmd160, sha256/384/512
* veriexecctl can now report the fingerprint methods supported by the
running kernel.
* regularised the naming of some portions of veriexec.
