elad 8fc0d7a9c3 Introduce per-page fingerprints in Veriexec.
This closes a hole pointed out by Thor Lancelot Simon on tech-kern ~3
years ago.

The problem was with running binaries from remote storage, where our
kernel (and Veriexec) has no control over any changes to files.

An attacker could, after the fingerprint has been verified and
program loaded to memory, inject malicious code into the backing
store on the remote storage, followed by a forced flush, causing
a page-in of the malicious data from backing store, bypassing
integrity checks.

Initial implementation by Brett Lymn.
2005-10-05 13:48:48 +00:00
bin fix setmode error handling. 2005-10-01 20:23:54 +00:00
crypto Fix bug when using hybrid auth in client mode 2005-09-26 16:24:57 +00:00
dist Support NetBSD. 2005-10-01 10:23:28 +00:00
distrib Add locate.updatedb(8). 2005-10-05 06:29:03 +00:00
doc Note Xen network backend improvements. 2005-10-02 21:55:41 +00:00
etc Better size estimation (the previous code counted the compressed kernels, 2005-10-04 16:11:15 +00:00
games Drop trailing whitespace. 2005-09-15 02:10:37 +00:00
gnu add a missing dependency (discovered by parallel build). 2005-10-02 17:52:22 +00:00
include Add a comment asking to update sysexits(3) when adding more entries. 2005-09-30 20:56:19 +00:00
lib Document security level for sysctl and security.curtain. 2005-10-03 22:22:10 +00:00
libexec logxfer(): don't use the same buffer to store the results of two separate 2005-10-03 00:02:25 +00:00
regress Add a test to make sure loops are handled properly. 2005-10-04 22:56:20 +00:00
rescue put back tetris; by popular demand. 2005-09-23 00:29:51 +00:00
sbin Introduce per-page fingerprints in Veriexec. 2005-10-05 13:48:48 +00:00
share Introduce per-page fingerprints in Veriexec. 2005-10-05 13:48:48 +00:00
sys Introduce per-page fingerprints in Veriexec. 2005-10-05 13:48:48 +00:00
tools Fix previous commit. Broken logic 2005-10-04 04:56:19 +00:00
usr.bin Add locate.updatedb(8). 2005-10-05 06:29:03 +00:00
usr.sbin Fix do_defaults() so that it errors when there's a mismatch. 2005-10-02 23:46:48 +00:00
x11 Enable XInput in all Xsun flavours. Fixes fallout from enabling XFree86. 2005-10-03 20:22:08 +00:00
build.sh It needs the braceexpand option for PD KSH, regardless of 2005-09-25 05:34:21 +00:00
BUILDING Document the environment variables for if you need to override or 2005-02-15 18:41:18 +00:00
Makefile Modify "release" to invoke "make distribution" instead of "make build", 2005-08-25 02:04:39 +00:00
Makefile.inc don't set KERNSRCDIR here; pull in <bsd.kernobj.mk> if you need it 2002-04-10 14:53:43 +00:00
UPDATING note about conf/std. 2005-10-03 04:45:52 +00:00