149 lines
4.7 KiB
Groff
149 lines
4.7 KiB
Groff
.\" $NetBSD: veriexec.4,v 1.17 2006/12/23 08:46:27 wiz Exp $
|
|
.\"
|
|
.\" Copyright 2005 Elad Efrat <elad@bsd.org.il>
|
|
.\" Copyright 2005 Brett Lymn <blymn@netbsd.org>
|
|
.\"
|
|
.\" This code is donated to The NetBSD Foundation by the author.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. The name of the Author may not be used to endorse or promote
|
|
.\" products derived from this software without specific prior written
|
|
.\" permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.Dd November 29, 2006
|
|
.Dt VERIEXEC 4
|
|
.Sh NAME
|
|
.Nm veriexec
|
|
.Nd Veriexec pseudo-device
|
|
.Sh SYNOPSIS
|
|
.Cd pseudo-device veriexec
|
|
.Sh DESCRIPTION
|
|
.Em Veriexec
|
|
verifies the integrity of specified executables and files before they are
|
|
run or read.
|
|
This makes it much more difficult to insert a trojan horse into the system
|
|
and also makes it more difficult to run binaries that are not supposed to
|
|
be running, for example, packet sniffers, DDoS clients and so on.
|
|
.Pp
|
|
The
|
|
.Nm
|
|
pseudo-device is used to preform optimal table sizing, fingerprint loading,
|
|
and querying of entries, as part of the
|
|
.Em Veriexec
|
|
subsystem.
|
|
.Ss Kernel-userland interaction
|
|
.Em Veriexec
|
|
uses
|
|
.Xr proplib 3
|
|
for communication between the kernel and userland.
|
|
.Bl -tag -width XXXX
|
|
.It Dv VERIEXEC_TABLESIZE
|
|
Sizes the in kernel tables to accommodate the fingerprint entries.
|
|
This request must be made prior to loading the fingerprints into the kernel.
|
|
.Pp
|
|
The dictionary passed contains the following elements:
|
|
.Bl -column mount uintnnxt
|
|
.It Sy Name Type Purpose
|
|
.It mount string mount-point for the entries
|
|
.It count uint64_t number of entries
|
|
.El
|
|
.It Dv VERIEXEC_LOAD
|
|
Inserts a fingerprint into the in-kernel tables.
|
|
These tables must have been previously sized using the
|
|
.Dv VERIEXEC_TABLESIZE
|
|
request.
|
|
.Pp
|
|
The dictionary passed contains the following elements:
|
|
.Bl -column entryxtype string
|
|
.It Sy Name Type Purpose
|
|
.It file string filename for this entry
|
|
.It entry-type uint8 entry type ( see below )
|
|
.It fp-type string fingerprint hashing algorithm
|
|
.It fp data the fingerprint
|
|
.El
|
|
.Pp
|
|
.Dq entry-type
|
|
can be one or more (binary-OR'd) of the following:
|
|
.Bl -column veriexecxuntrusted effect
|
|
.It Sy Type Effect
|
|
.It Dv VERIEXEC_DIRECT can execute directly
|
|
.It Dv VERIEXEC_INDIRECT can execute indirectly (interpreter, Xr mmap 2 )
|
|
.It Dv VERIEXEC_FILE can be opened
|
|
.It Dv VERIEXEC_UNTRUSTED located on untrusted storage
|
|
.El
|
|
.It Dv VERIEXEC_DELETE
|
|
Removes either an entry for a single file or entries for an entire mount from
|
|
.Em Veriexec .
|
|
.Pp
|
|
The dictionary passed contains the following elements:
|
|
.Bl -column file string
|
|
.It Sy Name Type Purpose
|
|
.It file string filename or mount-point
|
|
.El
|
|
.It Dv VERIEXEC_QUERY
|
|
Queries
|
|
.Em Veriexec
|
|
about a file, returning information that may be useful about it.
|
|
.Pp
|
|
The dictionary passed contains the following elements:
|
|
.Bl -column file string
|
|
.It Sy Name Type Purpose
|
|
.It file string filename
|
|
.El
|
|
.Pp
|
|
The dictionary returned contains the following elements:
|
|
.Bl -column entryxtype string
|
|
.Sy Name Type Purpose
|
|
.It entry-type uint8 entry type ( see above )
|
|
.It status uint8 entry status
|
|
.It fp-type string fingerprint hashing algorithm
|
|
.It fp data the fingerprint
|
|
.El
|
|
.Pp
|
|
.Dq status
|
|
can be one of the following:
|
|
.Bl -column fingerprintxmismatch effect
|
|
.It Sy Status Meaning
|
|
.It Dv FINGERPRINT_NOTEVAL not evaluated
|
|
.It Dv FINGERPRINT_VALID fingerprint match
|
|
.It Dv FINGERPRINT_MISMATCH fingerprint mismatch
|
|
.El
|
|
.El
|
|
.Pp
|
|
Note that the requests
|
|
.Dv VERIEXEC_TABLESIZE ,
|
|
.Dv VERIEXEC_LOAD ,
|
|
and
|
|
.Dv VERIEXEC_DELETE
|
|
are not permitted once the strict level has been raised past 0.
|
|
.Sh SEE ALSO
|
|
.Xr proplib 3 ,
|
|
.Xr sysctl 3 ,
|
|
.Xr sysctl 8 ,
|
|
.Xr veriexecctl 8 ,
|
|
.Xr veriexecgen 8 ,
|
|
.Xr veriexec 9
|
|
.Sh NOTES
|
|
.Nm
|
|
is part of the default configuration on the following architectures: amd64,
|
|
i386, prep, sparc64.
|
|
.Sh AUTHORS
|
|
.An Brett Lymn Aq blymn@NetBSD.org
|
|
.An Elad Efrat Aq elad@NetBSD.org
|