Subject: Re: veriexec strictness
To: Nino Dehne <ndehne@gmail.com>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 06/15/2005 00:53:16

Hey,

Nino Dehne wrote:

> I'm not sure where this belongs. I'm running 3.0_BETA as of today and
> tried to use the recently backported new veriexec. I noticed that,
> with kern.veriexec.strict=1, the system fails to read _any_ file for
> which there is no fingerprint, e.g. an ls -la fails with a read on
> /etc/pwd.db due to "Operation not permitted".

That is a bug. Thanks for reporting. Revision 1.25 of
sys/kern/kern_verifiedexec.c fixes it.

> Also, I fail to see what good a strictness level of 2 would do, which,
> according to the man page, also prevents writing to a file for which
> there is no fingerprint or a mismatching fingerprint. How exactly does
> one write a file without altering its fingerprint?

Normal operation should be done using strict level 1. Level 2 was
introduced to allow an administrator to 'freeze' a box after it was
compromised -- for example, prevent any background clean-up processes
from removing traces, etc.

For now it seems like we won't be splitting the strict level further,
but who knows? :)

-e.

-- 
Elad Efrat
PGP Key ID: 0x666EB914