Subject: Re: Additional features for veriexecgen(8)
To: None <tech-userlevel@netbsd.org>
From: Christos Zoulas <christos@astron.com>
List: tech-userlevel
Date: 10/09/2006 14:33:06
In article <20061009112200.GB895@cslin012.csunix.comp.leeds.ac.uk>,
M J Fleming  <scs5mjf@comp.leeds.ac.uk> wrote:
>Attached is a patch that implements a number of new features for veriexecgen.
> 
>The "-F" command-line option instructs veriexecgen(8) to "guess" which
>flags should be written to the fingerprint file for certain files, based on 
>characteristics of that file (its path, permissions, etc).
> 
>For instance, executing,
> 
>"veriexecgen -F"
> 
>instructs veriexecgen to search the default system paths for files.
>This will cause all files that are on a local filesystem and are executable
>to have the flag "PROGRAM" written to the fingerprint file. Any files that
>are not executable will have "FILE" written to the fingerprint file. If any
>of the files on the default system paths are on non-local filesystems,
>the flag "UNTRUSTED" will be appended to the flags for that file.
>
>Of course, a way to make even more intelligent decisions about the flags
>that will be written to the fingerprint file is needed. This patch also provides
>the user with a way to specify (in conjunction with F) that they want 
>veriexecgen to use default values for common library paths, script suffixes
>and interpreter paths (/bin/sh, /bin/ksh, etc).
> 
>These are wildcards for pathnames which are compared against the files; they
>can be turned on with command-line options,
>
>- A default list of interpreter paths (-I)
>- A default list of library paths (-L)
>- A default list of script suffixes  (-S)
> 
>These changes are intended to allow the user to type less and achieve more.
> 
>The command-line options -i, -s, -l also allow the user to specify custom paths
>for interpreters, script suffixes and library paths, respectively. These 
>options allow paths to be specified via globbing, which uses the globbing rules
>based on the user's shell.
>
>Examples:
>
>"veriexecgen -i '/usr/pkg/bin/python2.4'" - labels the file
>  /usr/pkg/bin/python2.4 as an interpreter.
> 
>"veriexecgen -l '/mnt/lib/*'" - labels all files in the directory /mnt/lib
>  as libraries.
>
>"veriexecgen -s '*.xxx'" - Treats files with a suffix of 'xxx' as scripts.
>
>Thanks,
>Matt

Please send-pr this so that it does not get lost.

christos
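
The flag-guessing rules described in the quoted message, as an added example that is not part of the original thread or of the veriexecgen patch. Assumptions: the label names INTERPRETER, LIBRARY and SCRIPT, the precedence among the three pattern lists, fnmatch(3) standing in for the shell globbing the message mentions, and the hypothetical `guess_flags()` helper taking the local/non-local decision from its caller.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* PROGRAM, FILE and UNTRUSTED are named in the message; the other three
 * label names are assumptions made for this example. */
enum { VF_PROGRAM = 1, VF_FILE = 2, VF_UNTRUSTED = 4,
       VF_INTERPRETER = 8, VF_LIBRARY = 16, VF_SCRIPT = 32 };

struct rules {                     /* NULL-terminated pattern lists */
    const char *const *interp;     /* -i / -I */
    const char *const *lib;        /* -l / -L */
    const char *const *script;     /* -s / -S */
};

/* Patterns taken from the message's own examples. */
static const char *const demo_interp[] = { "/usr/pkg/bin/python2.4", NULL };
static const char *const demo_lib[]    = { "/mnt/lib/*", NULL };
static const char *const demo_script[] = { "*.xxx", NULL };
static const struct rules demo_rules = { demo_interp, demo_lib, demo_script };

static int match_any(const char *const *pats, const char *path)
{
    for (; pats != NULL && *pats != NULL; pats++)
        if (fnmatch(*pats, path, 0) == 0)
            return 1;
    return 0;
}

/* Guess fingerprint flags from path, permission bits and filesystem locality.
 * Pattern lists win over the executable bit (assumed precedence). */
int guess_flags(const char *path, mode_t mode, int is_local,
                const struct rules *r)
{
    int flags;

    if (match_any(r->interp, path))       flags = VF_INTERPRETER;
    else if (match_any(r->lib, path))     flags = VF_LIBRARY;
    else if (match_any(r->script, path))  flags = VF_SCRIPT;
    else if (mode & (S_IXUSR | S_IXGRP | S_IXOTH)) flags = VF_PROGRAM;
    else                                  flags = VF_FILE;

    if (!is_local)            /* non-local filesystem: append UNTRUSTED */
        flags |= VF_UNTRUSTED;
    return flags;
}

int main(void)
{
    /* Constructed inputs: path, mode bits, on a local filesystem? */
    printf("%d\n", guess_flags("/bin/ls", 0555, 1, &demo_rules));
    printf("%d\n", guess_flags("/mnt/lib/libfoo.so", 0444, 0, &demo_rules));
    return 0;
}
```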