Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NetBSD/sys/miscfs
History
elad 8fc0d7a9c3 Introduce per-page fingerprints in Veriexec. 
This closes a hole pointed out by Thor Lancelot Simon on tech-kern ~3
years ago.

The problem was with running binaries from remote storage, where our
kernel (and Veriexec) has no control over any changes to files.

An attacker could, after the fingerprint has been verified and
program loaded to memory, inject malicious code into the backing
store on the remote storage, followed by a forced flush, causing
a page-in of the malicious data from backing store, bypassing
integrity checks.

Initial implementation by Brett Lymn.
 		2005-10-05 13:48:48 +00:00
..
deadfs Remove __P() 2005-08-30 20:08:01 +00:00
fdesc Apply the NFS exports list rototill patch: 2005-09-23 12:10:31 +00:00
fifofs Remove __P() 2005-08-30 20:08:01 +00:00
genfs Introduce per-page fingerprints in Veriexec. 2005-10-05 13:48:48 +00:00
kernfs Apply the NFS exports list rototill patch: 2005-09-23 12:10:31 +00:00
nullfs Apply the NFS exports list rototill patch: 2005-09-23 12:10:31 +00:00
overlay Apply the NFS exports list rototill patch: 2005-09-23 12:10:31 +00:00
portal Apply the NFS exports list rototill patch: 2005-09-23 12:10:31 +00:00
procfs Add "cwd" and "root" symlinks to each process's directory. The cwd 2005-10-01 03:17:37 +00:00
specfs in spec_ioctl(), don't dereference v_specinfo if it's NULL. 2005-09-11 14:18:54 +00:00
syncfs Add sysctl options for the syncer: 2005-09-11 17:55:56 +00:00
umapfs Apply the NFS exports list rototill patch: 2005-09-23 12:10:31 +00:00
Makefile ptyfs moved from sys/miscfs/ to sys/fs/ 2004-11-11 18:57:21 +00:00