veriexec(4) - NetBSD Manual Pages
VERIEXEC(4) NetBSD Kernel Interfaces Manual VERIEXEC(4)
NAME
veriexec -- Veriexec pseudo-device
SYNOPSIS
pseudo-device veriexec
DESCRIPTION
The veriexec pseudo-device is the interface to the kernel's Veriexec
data structures. It is used to size those data structures and to load
the Veriexec fingerprints into kernel memory.
Veriexec file operations
All the following operations are invoked using the ioctl(2) system call.
Refer to that man page for the description of the request and argp
parameters. The following section lists the requests that can be made via
ioctl(2).
Veriexec file request descriptions
VERIEXEC_TABLESIZE struct veriexec_sizing_params
Sizes the in-kernel hash tables to accommodate the
fingerprint entries. This request must be made prior
to loading the fingerprints into the kernel. The
argument structure contains the device to which the
hash table relates and the number of fingerprint
entries that will be loaded into the kernel for that
device.
VERIEXEC_LOAD struct veriexec_params
Inserts a fingerprint into the in-kernel tables.
These tables must have been previously sized using
the VERIEXEC_TABLESIZE request. The argument
structure, as defined in
/usr/include/sys/verified_exec.h, is:
    struct veriexec_params {
        unsigned char type;
        unsigned char fp_type[VERIEXEC_TYPE_MAXLEN];
        char file[MAXPATHLEN];
        unsigned int size;
        unsigned char *fingerprint;
    };
The type field is a bit mask formed by the bitwise OR
of one or more of:
VERIEXEC_DIRECT Allow execution of the file if the
fingerprint matches.
VERIEXEC_INDIRECT Allow execution of the file as a
script interpreter only; direct
command line invocation is
disallowed.
VERIEXEC_FILE The file is a plain file, not an
executable.
The fp_type field is the fingerprint type: a
case-insensitive character string that must match one
of the fingerprint types supported by the running
kernel. The file field is the path to the file to
which the fingerprint applies. The size field is the
number of bytes contained in the fingerprint; the
kernel uses it to provide a simple sanity check on the
fingerprint passed. Lastly, fingerprint is a pointer
to the array of bytes that make up the fingerprint
for the file.
Note that the requests VERIEXEC_TABLESIZE and VERIEXEC_LOAD are not
permitted once the veriexec strict level has been raised past 0 by setting
kern.veriexec.strict using sysctl(8).
SEE ALSO
sysctl(3), sysctl(8), veriexecctl(8)
NOTES
The size field in the VERIEXEC_LOAD structure is only used to validate
that the size of the fingerprint being passed is the expected size for
that fingerprint hash type; it is not used for any other purpose. A
malicious person could deliberately mismatch the size of the fingerprint
array and, possibly, cause a kernel page fault panic when the kernel
reads the input fingerprint array memory. Due to this, it is recommended
only the root user be allowed to access this device.
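As an added example (not code from NetBSD or from veriexecctl(8)), the helper a userland loader would use to fill the VERIEXEC_LOAD structure described above while enforcing, before the ioctl is ever issued, the size-to-type match that the NOTES section says the kernel only sanity-checks. The values of VERIEXEC_TYPE_MAXLEN, MAXPATHLEN and VERIEXEC_DIRECT and the list of digest types are assumptions; on NetBSD the filled structure is then passed as ioctl(fd, VERIEXEC_LOAD, &vp) after a VERIEXEC_TABLESIZE request.

```c
/* Added example, not NetBSD's own code: fill a VERIEXEC_LOAD request and check
 * the fingerprint length against its hash type before the kernel sees it. */
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
/* Struct as in the manual; on NetBSD use <sys/verified_exec.h>. Constants are assumptions. */
#define MAXPATHLEN 1024
#define VERIEXEC_TYPE_MAXLEN 9
#define VERIEXEC_DIRECT 0x01
struct veriexec_params {
    unsigned char type;
    unsigned char fp_type[VERIEXEC_TYPE_MAXLEN];
    char file[MAXPATHLEN];
    unsigned int size;
    unsigned char *fingerprint;
};
/* Digest sizes in bytes for the fingerprint types this example assumes. */
static const struct { const char *name; unsigned int len; } fp_sizes[] = {
    { "MD5", 16 }, { "SHA1", 20 }, { "RMD160", 20 },
    { "SHA256", 32 }, { "SHA384", 48 }, { "SHA512", 64 },
};
/* Expected digest length for fp_type, matched case-insensitively; 0 if unknown. */
unsigned int veriexec_fp_len(const char *fp_type)
{
    for (size_t i = 0; i < sizeof fp_sizes / sizeof fp_sizes[0]; i++)
        if (strcasecmp(fp_sizes[i].name, fp_type) == 0) return fp_sizes[i].len;
    return 0;
}
/* Decode hex into buf and fill *vp: 0 on success, -1 on unknown type, oversized
 * string, non-hex input, or a hex length that is not exactly one digest. */
int veriexec_build(struct veriexec_params *vp, unsigned char type, const char *fp_type,
                   const char *path, const char *hex, unsigned char *buf, size_t buflen)
{
    unsigned int want = veriexec_fp_len(fp_type);
    if (want == 0 || want > buflen || strlen(hex) != 2 * (size_t)want ||
        strlen(fp_type) >= VERIEXEC_TYPE_MAXLEN || strlen(path) >= MAXPATHLEN)
        return -1;
    for (unsigned int i = 0; i < want; i++) {
        char pair[3] = { hex[2 * i], hex[2 * i + 1], '\0' };
        if (!isxdigit((unsigned char)pair[0]) || !isxdigit((unsigned char)pair[1]))
            return -1;
        buf[i] = (unsigned char)strtoul(pair, NULL, 16);
    }
    memset(vp, 0, sizeof *vp);
    vp->type = type;
    strcpy((char *)vp->fp_type, fp_type);
    strcpy(vp->file, path);
    vp->size = want;        /* the value the kernel checks against the hash type */
    vp->fingerprint = buf;
    return 0;
}
```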
NetBSD 3.0 August 2, 2005 NetBSD 3.0