Source-Changes-HG archive


[src/netbsd-3]: src/sys/kern Pull up revision 1.197 (requested by elad in tic...



details:   https://anonhg.NetBSD.org/src/rev/363fd144c1a4
branches:  netbsd-3
changeset: 576096:363fd144c1a4
user:      tron <tron%NetBSD.org@localhost>
date:      Fri Jun 10 14:48:28 2005 +0000

description:
Pull up revision 1.197 (requested by elad in ticket #389):
Rototill of the verified exec functionality.
* We now use hash tables instead of a list to store the in-kernel
fingerprints.
* Fingerprint methods handling has been made more flexible; it is now
even simpler to add new methods.
* the loader no longer passes in magic numbers representing the
fingerprint method so veriexecctl is no longer kernel specific.
* fingerprint methods can be tailored out using options in the kernel
config file.
* more fingerprint methods added - rmd160, sha256/384/512
* veriexecctl can now report the fingerprint methods supported by the
running kernel.
* regularised the naming of some portions of veriexec.

diffstat:

 sys/kern/kern_exec.c |  10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diffs (38 lines):

diff -r 3c3b4f1b7b89 -r 363fd144c1a4 sys/kern/kern_exec.c
--- a/sys/kern/kern_exec.c      Fri Jun 10 14:48:21 2005 +0000
+++ b/sys/kern/kern_exec.c      Fri Jun 10 14:48:28 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_exec.c,v 1.194 2005/02/18 00:21:37 peter Exp $    */
+/*     $NetBSD: kern_exec.c,v 1.194.4.1 2005/06/10 14:48:28 tron Exp $ */
 
 /*-
  * Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou
@@ -33,7 +33,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.194 2005/02/18 00:21:37 peter Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.194.4.1 2005/06/10 14:48:28 tron Exp $");
 
 #include "opt_ktrace.h"
 #include "opt_syscall_debug.h"
@@ -63,6 +63,9 @@
 #include <sys/sa.h>
 #include <sys/savar.h>
 #include <sys/syscallargs.h>
+#ifdef VERIFIED_EXEC
+#include <sys/verified_exec.h>
+#endif
 
 #include <uvm/uvm_extern.h>
 
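Review bot: the `#ifdef VERIFIED_EXEC` guard around the new `<sys/verified_exec.h>` include only takes effect if the kernel option header that defines VERIFIED_EXEC has already been included, and the context visible in this diff shows only "opt_ktrace.h" and "opt_syscall_debug.h". Please confirm the matching opt_ header is included above this point; if it is not, this include and the guarded verification call later in the file both compile out silently and the exec path runs without a fingerprint check.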
@@ -265,7 +268,8 @@
 
 #ifdef VERIFIED_EXEC
         /* Evaluate signature for file... */
-        if ((error = check_veriexec(p, vp, epp, direct_exec)) != 0)
+        if ((error = veriexec_verify(p, vp, epp->ep_vap,
+                                    epp->ep_name, direct_exec)) != 0)
                 goto bad2;
 #endif
 
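Review bot: in the new veriexec_verify() call the caller now dereferences epp->ep_vap and epp->ep_name itself instead of handing over epp, so the check depends on both fields already being valid for vp at this point, which the hunk does not show. Please confirm ep_vap has been filled in from this vnode before the call, and document in sys/verified_exec.h what each argument must contain, since the verification result is only as good as the attributes and name it is given. The fail-closed `goto bad2` on a non-zero return is kept, which is right.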


