Subject: veriexec(4) duplicate entries
To: None <current-users@netbsd.org>
From: Nino Dehne <ndehne@gmail.com>
List: current-users
Date: 08/21/2005 14:05:58
Hi,

veriexec currently refuses to load valid entries with a message like

veriexec: Duplicate entry. [/usr/sbin/zzz, 4352:3223] old[type=0x01, \
algorithm=RMD160], new[type=0x01, algorithm=rmd160] (same fingerprint)

Or rather, it works differently than expected in that the pathname of
the file doesn't add to its uniqueness.

It appears that pathnames are not actually compared when looking
up an entry. This means any filesystem entry pointing to the same inode
as a currently stored entry is automatically valid. Is this an intended
effect?

What comes to mind are binaries that act differently depending on the
name they are called with. Say I have files A and B, hardlinked to the
same inode. I want to allow execution of A but not B. Currently that's
impossible. Think shells offering a restricted mode by calling them via
r$SHELL.

Is the name of an executable really discardable in the context of a
mechanism like veriexec? Am I overlooking something?

Regards,

ND

PS: I'm on 3.0_BETA
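The hard-link case raised above, as an added example that is not part of the original post or of NetBSD's veriexec code: a toy fingerprint table is loaded with one entry for a file A, a second name rA is hard-linked to the same inode, and rA is then checked two ways, once keyed by (device, inode) in the manner the post describes the kernel lookup, and once keyed by the stored pathname. The `fp_entry` structure, the lookup functions, the `/tmp` scratch directory and the file names are all assumptions made for the illustration.

```c
/* Added example: hard links versus an inode-keyed fingerprint lookup.
 * Toy model only; fp_entry and the lookups are not NetBSD code. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>

#define MAX_PATH 1024

/* Hypothetical fingerprint-table entry: keyed by (device, inode) as the
 * post describes the kernel lookup, but also keeping the pathname from
 * the signature file so the two policies can be compared. */
struct fp_entry {
    dev_t dev;
    ino_t ino;
    char  path[MAX_PATH];
};

/* Load an entry for PATH, recording its device/inode and its name. */
static int fp_load(struct fp_entry *e, const char *path)
{
    struct stat sb;
    if (stat(path, &sb) != 0)
        return -1;
    e->dev = sb.st_dev;
    e->ino = sb.st_ino;
    snprintf(e->path, sizeof e->path, "%s", path);
    return 0;
}

/* Inode-keyed check: any name that resolves to a stored (dev, ino) passes. */
static int allowed_by_inode(const struct fp_entry *tab, size_t n, const char *path)
{
    struct stat sb;
    if (stat(path, &sb) != 0)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (tab[i].dev == sb.st_dev && tab[i].ino == sb.st_ino)
            return 1;
    return 0;
}

/* Path-keyed check: only the exact stored name passes. */
static int allowed_by_path(const struct fp_entry *tab, size_t n, const char *path)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(tab[i].path, path) == 0)
            return 1;
    return 0;
}

/* Build the scenario from the post: A is listed, rA is a hard link to A
 * that is not. Stores both verdicts for rA; returns 0 on success, -1 if
 * the scratch files cannot be created (assumes /tmp is writable). */
int hardlink_scenario(int *b_by_inode, int *b_by_path)
{
    char dir[] = "/tmp/veriexec_demo.XXXXXX";
    char a[MAX_PATH], b[MAX_PATH];
    struct fp_entry tab[1];
    int fd, rc = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(a, sizeof a, "%s/A", dir);
    snprintf(b, sizeof b, "%s/rA", dir);      /* the "r$SHELL" style name */

    fd = open(a, O_WRONLY | O_CREAT | O_EXCL, 0700);
    if (fd < 0) goto out;
    close(fd);
    if (link(a, b) != 0) goto out;            /* second name, same inode */

    if (fp_load(&tab[0], a) != 0) goto out;   /* only A is in the table */

    *b_by_inode = allowed_by_inode(tab, 1, b);
    *b_by_path  = allowed_by_path(tab, 1, b);
    rc = 0;
out:
    unlink(b); unlink(a); rmdir(dir);
    return rc;
}

int main(void)
{
    int by_inode, by_path;
    if (hardlink_scenario(&by_inode, &by_path) != 0) {
        perror("hardlink_scenario");
        return 1;
    }
    printf("rA via inode-keyed lookup: %s\n", by_inode ? "allowed" : "denied");
    printf("rA via path-keyed lookup:  %s\n", by_path ? "allowed" : "denied");
    return 0;
}
```

With the table keyed on (device, inode), rA is accepted because it shares A's inode; with the table keyed on the stored pathname, rA is rejected. The inode key is what lets a single entry cover every name for the file (and is why a second signature line for the same file is reported as a duplicate), while the path key is what would be needed to allow A but not rA.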