Subject: Re: Additional features for veriexecgen(8)
To: None <firstname.lastname@example.org>
From: Christos Zoulas <email@example.com>
Date: 10/09/2006 14:33:06
In article <20061009112200.GB895@cslin012.csunix.comp.leeds.ac.uk>,
M J Fleming <firstname.lastname@example.org> wrote:
>Attached is a patch that implements a number of new features for veriexecgen.
>The "-F" command-line option instructs veriexecgen(8) to "guess" which
>flags should be written to the fingerprint file for certain files, based on
>characteristics of that file (its path, permissions, etc).
>For instance, executing,
>instructs veriexecgen to search the default system paths for files.
>This will cause all files that are on a local filesystem and are executable
>to have the flag "PROGRAM" written to the fingerprint file. Any files that
>are not executable will have "FILE" written to the fingerprint file. If any
>of the files on the default system paths are on non-local filesystems,
>the flag "UNTRUSTED" will be appended to the flags for that file.
>Of course, a way to make even more intelligent decisions about the flags
>that will be written to the fingerprint file is needed. This patch also provides
>the user with a way to specify (in conjuection with F) that they want
>veriexecgen to use default values for common library paths, script suffixes
>and interpreter paths (/bin/sh, /bin/ksh, etc).
>These are wildcards for pathnames which are compared against the files, they
>can be turned on with command-line options,
>- A default list of interpreter paths (-I)
>- A default list of library paths (-L)
>- A default list of script suffixes (-S)
>These changes are intended to allow the user to type less and achieve more.
>The command-line options -i, -s, -l also allow the user to specify custom paths
>for interpreters, script suffixes and library paths, respectively. These
>options allow paths to be specified via globbing, which uses the globbing rules
>based on the user's shell.
>"veriexecgen -i '/usr/pkg/bin/python2.4'" - labels the file
> /usr/pkg/bin/python2.4 as an
>"veriexecgen -l '/mnt/lib/*'" - labels all files in the directory /mnt/lib
> as libraries.
>"veriexecgen -s '*.xxx'" - Treats as files with a suffix of 'xxx' as scripts.
Please send-pr this so that it does not get lost.