Subject: CVS commit: src
To: None <source-changes@NetBSD.org>
From: Elad Efrat <elad@netbsd.org>
List: source-changes
Date: 06/17/2005 17:46:18
Module Name:	src
Committed By:	elad
Date:		Fri Jun 17 17:46:18 UTC 2005

Modified Files:
	src/lib/libc/gen: sysctl.3
	src/sys/dev: verified_exec.c
	src/sys/kern: kern_verifiedexec.c vfs_syscalls.c vfs_vnops.c
	src/sys/sys: vnode.h

Log Message:
More veriexec changes:

- Better organize strict level. Now we have 4 levels:
  - Level 0, learning mode: Warnings only about anything that might've
      resulted in 'access denied' or similar in a higher strict level.

  - Level 1, IDS mode:
    - Deny access on fingerprint mismatch.
    - Deny modification of veriexec tables.

  - Level 2, IPS mode:
    - All implications of strict level 1.
    - Deny write access to monitored files.
    - Prevent removal of monitored files.
    - Enforce access type - 'direct', 'indirect', or 'file'.

  - Level 3, lockdown mode:
    - All implications of strict level 2.
    - Prevent creation of new files.
    - Deny access to non-monitored files.

- Update sysctl(3) man-page with above. (date bumped too :)

- Remove FINGERPRINT_INDIRECT from possible fp_status values; it's no
  longer needed.

- Simplify veriexec_removechk() in light of new strict level policies.

- Eliminate use of 'securelevel'; veriexec now behaves according to
  its strict level only.


To generate a diff of this commit:
cvs rdiff -r1.149 -r1.150 src/lib/libc/gen/sysctl.3
cvs rdiff -r1.14 -r1.15 src/sys/dev/verified_exec.c
cvs rdiff -r1.25 -r1.26 src/sys/kern/kern_verifiedexec.c
cvs rdiff -r1.221 -r1.222 src/sys/kern/vfs_syscalls.c
cvs rdiff -r1.90 -r1.91 src/sys/kern/vfs_vnops.c
cvs rdiff -r1.138 -r1.139 src/sys/sys/vnode.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
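
The strict-level policy listed in the log message above, modelled as a user-space C decision function. This is an added example, not code from the commit or from NetBSD: every identifier is hypothetical, and treating a write to a non-monitored file as an "access" under level 3 is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* All identifiers are hypothetical, for illustration; none are NetBSD kernel names. */
enum vop { V_ACCESS, V_WRITE, V_REMOVE, V_CREATE, V_TABLE_MODIFY };
enum vresult { V_ALLOW, V_WARN, V_DENY };

struct vreq {
    enum vop op;
    bool monitored;   /* file has a veriexec table entry */
    bool fp_match;    /* fingerprint matches the entry (monitored files only) */
    bool type_ok;     /* access type agrees with 'direct', 'indirect' or 'file' */
};

/* Lowest strict level that denies the request; 0 means no level denies it. */
static int deny_level(const struct vreq *r)
{
    switch (r->op) {
    case V_TABLE_MODIFY: return 1;                     /* level 1: tables are frozen */
    case V_CREATE:       return 3;                     /* level 3: no new files */
    case V_REMOVE:       return r->monitored ? 2 : 0;  /* other removals are not listed */
    case V_WRITE:        return r->monitored ? 2 : 3;  /* assumption: write is an access at level 3 */
    case V_ACCESS:
        if (!r->monitored) return 3;                   /* level 3: non-monitored files */
        if (!r->fp_match)  return 1;                   /* level 1: fingerprint mismatch */
        return r->type_ok ? 0 : 2;                     /* level 2: access type enforced */
    }
    return 0;
}

/* Levels are cumulative; at level 0 a would-be denial becomes a warning.
 * There is no securelevel input: the strict level alone decides. */
static enum vresult model_decide(int strict, const struct vreq *r)
{
    int dl = deny_level(r);
    if (dl == 0)
        return V_ALLOW;
    if (strict == 0)
        return V_WARN;
    return strict >= dl ? V_DENY : V_ALLOW;
}

int main(void)
{
    /* Constructed request: write to a monitored file whose fingerprint matches. */
    struct vreq w = { V_WRITE, true, true, true };
    for (int s = 0; s <= 3; s++)
        printf("strict %d: write to monitored file -> %d\n", s, model_decide(s, &w));
    return 0;
}
```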