[src/trunk]: src - Use more calls to veriexec_report() where possible.
details: https://anonhg.NetBSD.org/src/rev/4798f3d774be
branches: trunk
changeset: 582213:4798f3d774be
user: elad <elad%NetBSD.org@localhost>
date: Mon Jun 20 15:06:18 2005 +0000
description:
- Use more calls to veriexec_report() where possible.
- Change #ifdef VERIFIED_EXEC_VERBOSE to another verbose level, 2. Add
sysctl(3) bits.
- Simplify access type conflict handling during load. This depends on
the values of access type defines to be ordered from least to most
'strict'.
diffstat:
lib/libc/gen/sysctl.3 | 5 ++-
sys/dev/verified_exec.c | 59 ++++++++++++++++++++-----------------------
sys/kern/kern_verifiedexec.c | 21 +++++++--------
sys/sys/verified_exec.h | 29 ++++++++------------
4 files changed, 53 insertions(+), 61 deletions(-)
diffs (278 lines):
diff -r fdb8fb2d31a7 -r 4798f3d774be lib/libc/gen/sysctl.3
--- a/lib/libc/gen/sysctl.3 Mon Jun 20 14:30:29 2005 +0000
+++ b/lib/libc/gen/sysctl.3 Mon Jun 20 15:06:18 2005 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: sysctl.3,v 1.151 2005/06/17 18:19:39 wiz Exp $
+.\" $NetBSD: sysctl.3,v 1.152 2005/06/20 15:06:18 elad Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
@@ -29,7 +29,7 @@
.\"
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
.\"
-.Dd June 17, 2005
+.Dd June 20, 2005
.Dt SYSCTL 3
.Os
.Sh NAME
@@ -892,6 +892,7 @@
fingerprinted file.
If 1, more messages will be printed (ie., when a file with a valid
fingerprint is accessed).
+Verbose level 2 is debug mode.
.It Li VERIEXEC_STRICT
Controls the strict level of Verified Exec.
The strict level defines how
diff -r fdb8fb2d31a7 -r 4798f3d774be sys/dev/verified_exec.c
--- a/sys/dev/verified_exec.c Mon Jun 20 14:30:29 2005 +0000
+++ b/sys/dev/verified_exec.c Mon Jun 20 15:06:18 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: verified_exec.c,v 1.16 2005/06/19 18:22:36 elad Exp $ */
+/* $NetBSD: verified_exec.c,v 1.17 2005/06/20 15:06:18 elad Exp $ */
/*-
* Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -31,9 +31,9 @@
#include <sys/cdefs.h>
#if defined(__NetBSD__)
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.16 2005/06/19 18:22:36 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.17 2005/06/20 15:06:18 elad Exp $");
#else
-__RCSID("$Id: verified_exec.c,v 1.16 2005/06/19 18:22:36 elad Exp $\n$NetBSD: verified_exec.c,v 1.16 2005/06/19 18:22:36 elad Exp $");
+__RCSID("$Id: verified_exec.c,v 1.17 2005/06/20 15:06:18 elad Exp $\n$NetBSD: verified_exec.c,v 1.17 2005/06/20 15:06:18 elad Exp $");
#endif
#include <sys/param.h>
@@ -121,11 +121,11 @@
veriexecopen(dev_t dev __unused, int flags __unused,
int fmt __unused, struct proc *p __unused)
{
-#ifdef VERIFIED_EXEC_DEBUG_VERBOSE
- printf("Veriexec: veriexecopen: Veriexec load device open attempt by "
- "uid=%u, pid=%u. (dev=%d)\n", p->p_ucred->cr_uid,
- p->p_pid, dev);
-#endif
+ if (veriexec_verbose >= 2) {
+ printf("Veriexec: veriexecopen: Veriexec load device "
+ "open attempt by uid=%u, pid=%u. (dev=%d)\n",
+ p->p_ucred->cr_uid, p->p_pid, dev);
+ }
if (suser(p->p_ucred, &p->p_acflag) != 0)
return (EPERM);
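Review bot: `dev` and `p` are still declared `__unused` in the veriexecopen() signature, but the new `if (veriexec_verbose >= 2)` block reads both in every build, so the attribute is now misleading for those two parameters and should be dropped from `dev_t dev` and `struct proc *p`. The message is also printed before the `suser()` check, so at verbose level 2 every open attempt reaches the kernel log, privileged or not, subject to the device node's permissions. If that is intended for debug mode, a one-line comment saying so would help; otherwise move the block below the check. The function body continues outside the hunk.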
@@ -207,6 +207,7 @@
error = namei(&nid);
if (error)
return (error);
+
/* Add only regular files. */
if (nid.ni_vp->v_type != VREG) {
printf("Veriexec: veriexecioctl: Not adding \"%s\": "
@@ -232,32 +233,28 @@
hh = veriexec_lookup(va.va_fsid, va.va_fileid);
if (hh != NULL) {
/*
- * Duplicate entry. Still check the type to
- * ensure enforcement of a stricter policy.
- * I.e. if original entry was direct exec but
- * the new params flag the file as indirect or
- * file then update the hash entry to the new
- * type to ensure duplicate entries do not
- * degrade the security policy...
+ * Duplicate entry; handle access type conflict
+ * and enforce 'FILE' over 'INDIRECT' over
+ * 'DIRECT'.
*/
-
- if ((hh->type != params->type) &&
- ((params->type == VERIEXEC_INDIRECT) ||
- (params->type == VERIEXEC_FILE))) {
+ if (hh->type < params->type) {
hh->type = params->type;
- printf("Veriexec: veriexecioctl: Duplicate "
- "entry for %s, (dev=%lu, inode=%lu) "
- "but type mismatched. "
- "Updating type to stricter one.\n",
- params->file, va.va_fsid, va.va_fileid);
+
+ veriexec_report("Duplicate entry with "
+ "access type mismatch. "
+ "Updating to stricter "
+ "type.", params->file,
+ &va, NULL,
+ REPORT_NOVERBOSE,
+ REPORT_NOALARM,
+ REPORT_NOPANIC);
+ } else {
+ veriexec_report("Duplicate entry.",
+ params->file, &va, NULL,
+ REPORT_VERBOSE_HIGH,
+ REPORT_NOALARM,
+ REPORT_NOPANIC);
}
-
-#ifdef VERIFIED_EXEC_DEBUG_VERBOSE
- printf("Veriexec: veriexecioctl: Duplicate "
- "entry for %s. (dev=%lu, inode=%lu) "
- "Ignoring.\n", params->file,
- va.va_fsid, va.va_fileid);
-#endif
return (0);
}
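Review bot: The new test `hh->type < params->type` accepts any value larger than the stored type, whereas the removed code only updated an entry to VERIEXEC_INDIRECT or VERIEXEC_FILE. `params->type` is an `unsigned char` in `struct veriexec_params`, supplied by the caller of the ioctl, so unless it is range-checked earlier in veriexecioctl() (outside this hunk) an out-of-range value would overwrite a valid entry's type. Bounding the comparison keeps the simplification: `if (hh->type < params->type && params->type <= VERIEXEC_FILE) {`. This assumes VERIEXEC_FILE is the highest access type, which the comment's 'FILE' over 'INDIRECT' over 'DIRECT' suggests but the hunk does not show.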
diff -r fdb8fb2d31a7 -r 4798f3d774be sys/kern/kern_verifiedexec.c
--- a/sys/kern/kern_verifiedexec.c Mon Jun 20 14:30:29 2005 +0000
+++ b/sys/kern/kern_verifiedexec.c Mon Jun 20 15:06:18 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_verifiedexec.c,v 1.28 2005/06/19 18:22:36 elad Exp $ */
+/* $NetBSD: kern_verifiedexec.c,v 1.29 2005/06/20 15:06:18 elad Exp $ */
/*-
* Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.28 2005/06/19 18:22:36 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.29 2005/06/20 15:06:18 elad Exp $");
#include <sys/param.h>
#include <sys/mount.h>
@@ -260,10 +260,9 @@
int
veriexec_fp_cmp(struct veriexec_fp_ops *ops, u_char *fp1, u_char *fp2)
{
-#ifdef VERIFIED_EXEC_DEBUG
- int i;
+ if (veriexec_verbose >= 2) {
+ int i;
- if (veriexec_verbose > 1) {
printf("comparing hashes...\n");
printf("fp1: ");
for (i = 0; i < ops->hash_len; i++) {
@@ -275,7 +274,6 @@
}
printf("\n");
}
-#endif
return (memcmp(fp1, fp2, ops->hash_len));
}
@@ -357,7 +355,6 @@
u_char *digest = NULL;
int error = 0;
- /* XXXEE Ignore non-VREG files. */
if (vp->v_type != VREG)
return (0);
@@ -375,7 +372,9 @@
M_WAITOK);
error = veriexec_fp_calc(p, vp, vhe, va->va_size, digest);
if (error) {
- /* XXXEE verbose+ printf here */
+ veriexec_report("Fingerprint calculation error.",
+ name, va, NULL, REPORT_NOVERBOSE,
+ REPORT_NOALARM, REPORT_NOPANIC);
free(digest, M_TEMP);
return (error);
}
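Review bot: The new veriexec_report() call drops the value of `error`, so the log line cannot distinguish one cause of a fingerprint calculation failure from another. Since veriexec_report() takes a fixed message, either note that here with a comment such as `/* error code is returned to the caller, not logged */`, or print `error` separately when `veriexec_verbose >= 2`. The enclosing function starts and ends outside the hunk.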
@@ -510,8 +509,8 @@
*/
void
veriexec_report(const u_char *msg, const u_char *filename,
- struct vattr *va, struct proc *p, int verbose_only,
- int alarm, int die)
+ struct vattr *va, struct proc *p, int verbose, int alarm,
+ int die)
{
void (*f)(const char *, ...);
@@ -523,7 +522,7 @@
else
f = (void (*)(const char *, ...)) printf;
- if (!verbose_only || veriexec_verbose) {
+ if (!verbose || (verbose == veriexec_verbose)) {
if (!alarm || p == NULL)
f("veriexec: %s [%s, %d:%u%s", msg, filename,
va->va_fsid, va->va_fileid,
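Review bot: The test `verbose == veriexec_verbose` is an exact match, so a REPORT_VERBOSE message is suppressed once veriexec_verbose is raised to 2, and REPORT_VERBOSE_HIGH messages appear only at exactly 2. That disagrees with the `veriexec_verbose >= 2` checks added in veriexecopen() and veriexec_fp_cmp() in this same commit, and it means switching to debug mode loses the level-1 audit messages. A threshold comparison keeps each level a superset of the one below: `if (!verbose || veriexec_verbose >= verbose) {`. The comment block above veriexec_report() (outside the preceding hunk) should also describe `verbose` as a minimum level rather than a flag.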
diff -r fdb8fb2d31a7 -r 4798f3d774be sys/sys/verified_exec.h
--- a/sys/sys/verified_exec.h Mon Jun 20 14:30:29 2005 +0000
+++ b/sys/sys/verified_exec.h Mon Jun 20 15:06:18 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: verified_exec.h,v 1.13 2005/06/19 18:22:37 elad Exp $ */
+/* $NetBSD: verified_exec.h,v 1.14 2005/06/20 15:06:18 elad Exp $ */
/*-
* Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -29,27 +29,26 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.h,v 1.13 2005/06/19 18:22:37 elad Exp $");
-
/*
*
* Definitions for the Verified Executables kernel function.
*
*/
+#ifndef _SYS_VERIFIED_EXEC_H_
+#define _SYS_VERIFIED_EXEC_H_
+
+#include <sys/cdefs.h>
#include <sys/param.h>
#include <sys/hash.h>
-#ifndef V_EXEC_H
-#define V_EXEC_H 1
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.h,v 1.14 2005/06/20 15:06:18 elad Exp $");
/* Max length of the fingerprint type string, including terminating \0 char */
#define VERIEXEC_TYPE_MAXLEN 9
struct veriexec_params {
unsigned char type;
- unsigned char fp_type[VERIEXEC_TYPE_MAXLEN]; /* type of fingerprint
- this is */
+ unsigned char fp_type[VERIEXEC_TYPE_MAXLEN];
char file[MAXPATHLEN];
unsigned int size; /* number of bytes in the fingerprint */
unsigned char *fingerprint;
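Review bot: `__KERNEL_RCSID` is kept in the header, now inside the include guard, so it still expands in every file that includes verified_exec.h. The `$NetBSD$` tag in the leading comment already identifies the revision, so the macro line could be dropped. The hunk also removes the only comment on `fp_type`; a short replacement such as `/* fingerprint type name, NUL-terminated */` would keep the field documented, in line with the VERIEXEC_TYPE_MAXLEN comment above it. The struct continues outside the hunk.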
@@ -61,7 +60,8 @@
};
/*
- * Types of veriexec inodes we can have
+ * Types of veriexec inodes we can have. Ordered from less strict to
+ * most strict -- this is enforced if a duplicate entry is loaded.
*/
#define VERIEXEC_DIRECT 0 /* Allow direct execution */
#define VERIEXEC_INDIRECT 1 /* Only allow indirect execution */
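Review bot: The comment says the ordering "is enforced", but nothing in the header enforces it; the numeric order is what veriexecioctl() now relies on in `hh->type < params->type`. I would word it as a requirement on future edits, e.g. `Values must stay ordered from least to most strict; veriexecioctl() compares them numerically when a duplicate entry is loaded.` A compile-time assertion on the relative order of the defines would turn a silent policy downgrade into a build failure. The remaining access type defines are outside this hunk.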
@@ -150,6 +150,7 @@
/* Readable values for veriexec_report(). */
#define REPORT_NOVERBOSE 0
#define REPORT_VERBOSE 1
+#define REPORT_VERBOSE_HIGH 2
#define REPORT_NOPANIC 0
#define REPORT_PANIC 1
#define REPORT_NOALARM 0
@@ -191,12 +192,6 @@
void veriexec_report(const u_char *, const u_char *, struct vattr *,
struct proc *, int, int, int);
-#endif
+#endif /* _KERNEL */
-#ifdef VERIFIED_EXEC_DEBUG
-#define veriexec_dprintf(x) printf x
-#else
-#define veriexec_dprintf(x)
-#endif /* VERIFIED_EXEC_DEBUG */
-
-#endif
+#endif /* _SYS_VERIFIED_EXEC_H_ */