CVS commit: src/sys/kern

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys/kern
From: Elad Efrat <elad%netbsd.org@localhost>
Date: Thu, 23 Nov 2006 13:11:29 +0000 (UTC)

Module Name:    src
Committed By:   elad
Date:           Thu Nov 23 13:11:29 UTC 2006

Modified Files:
        src/sys/kern: kern_verifiedexec.c

Log Message:
Document flaw in veriexec_rawchk(). This is what I added to the comment:

 * XXX: This is bogus. There's an obvious race condition between the time
 * XXX: the disk is open for writing, in which an attacker can access a
 * XXX: monitored file to get its signature cached again, and when the raw
 * XXX: file is overwritten on disk.
 * XXX:
 * XXX: To solve this, we need something like the following:
 * XXX:         open raw disk:
 * XXX:           - raise refcount,
 * XXX:           - invalidate fingerprints,
 * XXX:           - mark all entries with "no cache" flag
 * XXX:
 * XXX:         veriexec_verify:
 * XXX:           - if "no cache", don't cache evaluation result
 * XXX:
 * XXX:         close raw disk:
 * XXX:           - lower refcount,
 * XXX:           - if refcount == 0, remove "no cache" flag from all entries


To generate a diff of this commit:
cvs rdiff -r1.69 -r1.70 src/sys/kern/kern_verifiedexec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/dist/dhcp/common
Next by Date: CVS commit: src/distrib/utils/x_dhclient
Previous by Thread: CVS commit: src/dist/dhcp/common
Next by Thread: CVS commit: src/distrib/utils/x_dhclient
Indexes:

Home | Main Index | Thread Index | Old Index