73 lines
2.4 KiB
Groff
73 lines
2.4 KiB
Groff
.\" $NetBSD: verifiedexec.4,v 1.2 2003/04/29 12:38:01 wiz Exp $
|
|
.\"
|
|
.\" Copyright (c) 2002, Brett Lymn. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. The name of the author may not be used to endorse or promote products
|
|
.\" derived from this software without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.\"
|
|
.Dd October 24, 2002
|
|
.Dt VERIFIEDEXEC 4
|
|
.Os
|
|
.Sh NAME
|
|
.Nm verifiedexec
|
|
.Nd Verified exec signature loader device
|
|
.Sh SYNOPSIS
|
|
.Cd options VERIFIED_EXEC
|
|
.Cd pseudo-device verifiedexec 1
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
driver provides a method of loading the fingerprints used by the
|
|
verified exec feature.
|
|
The fingerprints are loaded by opening
|
|
.Nm
|
|
and then using the
|
|
.Dv VERIEXECLOAD
|
|
ioctl to feed the fingerprints into kernel space.
|
|
Note that the loading should only be done after a mount of all file systems
|
|
that contain files which have fingerprints associated with them.
|
|
Signatures may only be loaded when the kernel
|
|
.Dv securelevel
|
|
is set to 0.
|
|
.Sh ERRORS
|
|
The
|
|
.Nm
|
|
device will return
|
|
.Er EPERM
|
|
if
|
|
.Dv securelevel
|
|
is greater than 0.
|
|
An
|
|
.Er ENOENT
|
|
error will be returned if the file path passed in does not exist.
|
|
.Sh SEE ALSO
|
|
.Xr ioctl 2 ,
|
|
.Xr sysctl 8
|
|
.Sh AUTHORS
|
|
The
|
|
.Nm
|
|
driver was originally written for
|
|
.Nx
|
|
by
|
|
.An Brett Lymn .
|