Subject: Re: verified executable kernel modification committed
To: Brett Lymn <blymn@baesystems.com.au>
From: Luke Mewburn <lukem@netbsd.org>
List: tech-security
Date: 10/30/2002 09:05:25

On Wed, Oct 30, 2002 at 01:10:11AM +1030, Brett Lymn wrote:
| Folks,
| First off let me say a big thanks to the people who told me
| this crazy idea was good. Especially thanks to Jason R Fink for doing
| the hard yards and helping me out in thrashing this into the shape it
| is currently in. I feel this code is ready enough to be useful but
| there are some aspects that can be improved on.

Excellent.

| Q: How do I build a kernel with this feature?
| A: Look for the GENERIC_VERIEXEC kernel config for a template on how
| to configure your kernel. As of this moment I have only done this for
| i386 but all this should be machine independent.
|
| Q: How are the fingerprints loaded into the kernel?
| A: They are passed into the kernel via a pseudo-device (/dev/veriexec)
| by a loader app called verifiedexec_loader.
|
| Q: How do I generate the fingerprints?
| A: You could look at the verifiedexec_load man page for the signature
| file format. Or you can check out some simple-minded scripts in
| /usr/share/example/verifiedexec_load that do a full scan of your
| system and generate the fingerprints for you.

A comment on the names ...

	Device:		/dev/veriexec
	Kernel option:	VERIFIED_EXEC
	Control prog:	/sbin/verifiedexec_load
	Examples:	/usr/share/example/verifiedexec_load

I would prefer to see some consistency within the suite and also with
prior art in NetBSD.

At a minimum, the control program (and associated examples) should be
"veriexecctl" or something like that (instead of "verifiedexec_load").

As for the kernel option name, that's probably OK.

Luke.