Subject: Re: Additional features for veriexecgen(8)
To: None <>
From: Christos Zoulas <>
List: tech-userlevel
Date: 10/09/2006 14:33:06
In article <>,
M J Fleming  <> wrote:
>Attached is a patch that implements a number of new features for veriexecgen.
>The "-F" command-line option instructs veriexecgen(8) to "guess" which
>flags should be written to the fingerprint file for certain files, based on 
>characteristics of that file (its path, permissions, etc).
>For instance, executing,
>"veriexecgen -F"
>instructs veriexecgen to search the default system paths for files.
>This will cause all files that are on a local filesystem and are executable
>to have the flag "PROGRAM" written to the fingerprint file. Any files that
>are not executable will have "FILE" written to the fingerprint file. If any
>of the files on the default system paths are on non-local filesystems,
>the flag "UNTRUSTED" will be appended to the flags for that file.
>Of course, a way to make even more intelligent decisions about the flags
>that will be written to the fingerprint file is needed. This patch also provides
>the user with a way to specify (in conjunction with F) that they want
>veriexecgen to use default values for common library paths, script suffixes
>and interpreter paths (/bin/sh, /bin/ksh, etc).
>These are wildcards for pathnames which are compared against the files; they
>can be turned on with command-line options:
>- A default list of interpreter paths (-I)
>- A default list of library paths (-L)
>- A default list of script suffixes  (-S)
>These changes are intended to allow the user to type less and achieve more.
>The command-line options -i, -s, -l also allow the user to specify custom paths
>for interpreters, script suffixes and library paths, respectively. These 
>options allow paths to be specified via globbing, which uses the globbing rules
>based on the user's shell.
>"veriexecgen -i '/usr/pkg/bin/python2.4'" - labels the file
>    /usr/pkg/bin/python2.4 as an interpreter.
>"veriexecgen -l '/mnt/lib/*'" - labels all files in the directory /mnt/lib
>    as libraries.
>"veriexecgen -s '*.xxx'" - treats files with a suffix of 'xxx' as scripts.

Please send-pr this so that it does not get lost.