Subject: Re: Additional features for veriexecgen(8)
To: None <tech-userlevel@NetBSD.org>
From: Elad Efrat <elad@NetBSD.org>
List: tech-userlevel
Date: 10/09/2006 21:30:41
David,

I strongly object to your suggestions below.

The idea behind veriexecgen's design, which I asked Matt to follow, is
simplicity. It's no secret that it duplicates other utilities'
"intelligence" -- in fact, that was the purpose when I suggested we
replace the shell-script with a C program. Your idea is a *serious*
regression in that regard, and in fact make the tool even less usable
than it was as a script.

-e.

David Young wrote:
> Matt,
> 
> veriexecgen duplicates some other UNIX utilities' intelligence.  In the
> spirit of "the UNIX philosophy," <http://cbbrowne.com/info/unix.html>,
> consider simplifying veriexecgen as follows.  If there are no files on the
> veriexecgen command line, let it read a list of files from the standard
> input, classifying every file as the flags indicate (default = program,
> -f = file, -i = interpreter, -u = untrusted, etc.).  Use veriexecgen
> in combination with other simple programs in a pipeline to achieve your
> desired ends.  Examples below:
> 
> On Mon, Oct 09, 2006 at 12:22:03PM +0100, M J Fleming wrote:
>> Attached is a patch that implements a number of new features for veriexecgen.
>>  
>> The "-F" command-line option instructs veriexecgen(8) to "guess" which
>> flags should be written to the fingerprint file for certain files, based on 
>> characteristics of that file (its path, permissions, etc).
>>  
>> For instance, executing,
>>  
>> "veriexecgen -F"
>>  
>> instructs veriexecgen to search the default system paths for files.
>> This will cause all files that are on a local filesystem and are executable
>> to have the flag "PROGRAM" written to the fingerprint file. Any files that
>> are not executable will have "FILE" written to the fingerprint file. If any
>> of the files on the default system paths are on non-local filesystems,
>> the flag "UNTRUSTED" will be appended to the flags for that file.
> 
> #!/bin/sh
> 
> IFS=:
> set -- $PATH
> find "$@" -fstype local -type f -perm -0100 | veriexecgen
> find "$@" -fstype local -type f ! -perm -0100 | veriexecgen -f
> find "$@" ! -fstype local -type f -perm -0100 | veriexecgen -u
> find "$@" ! -fstype local -type f ! -perm -0100 | veriexecgen -f -u
> 
> (That script is longer to type than 'veriexecgen -F," but it is shorter
> than the equivalent C code, and you only have to write it once. :-)
> 
>> Of course, a way to make even more intelligent decisions about the flags
>> that will be written to the fingerprint file is needed. This patch also provides
>> the user with a way to specify (in conjuection with F) that they want 
>> veriexecgen to use default values for common library paths, script suffixes
>> and interpreter paths (/bin/sh, /bin/ksh, etc).
> 
> #!/bin/sh
> 
> find /bin/{sh,csh,ksh,tcsh} -type f -perm -0100 | veriexecgen -i
> 
>> These are wildcards for pathnames which are compared against the files, they
>> can be turned on with command-line options,
>>
>> - A default list of interpreter paths (-I)
>> - A default list of library paths (-L)
>> - A default list of script suffixes  (-S)
>>  
>> These changes are intended to allow the user to type less and achieve more.
>>  
>> The command-line options -i, -s, -l also allow the user to specify custom paths
>> for interpreters, script suffixes and library paths, respectively. These 
>> options allow paths to be specified via globbing, which uses the globbing rules
>> based on the user's shell.
>>
>> Examples:
>>
>> "veriexecgen -i '/usr/pkg/bin/python2.4'" - labels the file 
>> 					    /usr/pkg/bin/python2.4 as an
>>   				    	    interpreter.
> 
> veriexecgen -i /usr/pkg/bin/python2.4
> 
>> "veriexecgen -l '/mnt/lib/*'" - labels all files in the directory /mnt/lib
>> 				as libraries.
> 
> veriexecgen -l /mnt/lib/*
> 
>> "veriexecgen -s '*.xxx'" -  Treats as files with a suffix of 'xxx' as scripts.
> 
> find . -name '*.xxx' -type f | veriexecgen -s
> 
> Dave
> 


-- 
Elad Efrat