Current-Users archive


Re: veriexec mishap after system update



2009/8/7 Elad Efrat <elad%netbsd.org@localhost>:
> Brett Lymn wrote:
>>
>> On Wed, Aug 05, 2009 at 01:49:46AM +0300, Stathis Kamperis wrote:
>>>
>>> After a system upgrade, I forgot (although I usually do) to re-run
>>> veriexecgen and I ended up with an unusable system. During boot, some
>>> binaries, which were updated, generated hash mismatches (reasonable)
>>> and I couldn't even login. I had to hard reset the system, boot up
>>> single user mode, fsck my partitions, edit rc.conf to not load
>>> veriexec, reboot, regenerate the hashes and enable it again in
>>> rc.conf.
>>>
>>
>> Well, at least you know it is effective ;) (you have to allow me a bit
>> of humour here... I cannot count the number of times some bug or other
>> caused me the same sort of grief when I was developing veriexec)

Hehe, it works like a charm Brett! No question about that!
You and Elad wrote a very neat piece of software, so I grab the chance
to thank you both here.

>>> It is doable, it's just inconvenient. I think it should be documented
>>> or perhaps be automated in some way.
>>>
>>
>> Documented, yes, automated no.  I strongly believe that this sort of
>> security enforcement needs to be thought about when updating.
>>
>> I think another bullet point in the "things to remember" section would
>> probably be a good approach.

No objections, my first thought was to just document the need of it.

> I have in my todo a veriexecgen feature to take an existing signatures
> file and regenerate it, which I think can at least make the process
> faster, even if we choose not to fully automate it.

That would work too! Elad, if you can't make it till late August, I
may come up with a patch.
Until then, I'm tied to Google Summer of Code.

Best regards,
Stathis
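
A pre-reboot check for the failure mode discussed in this thread, as an added example that is not part of any message above and is not veriexecgen's own code: it reads a signatures file and lists entries whose on-disk hash no longer matches. It assumes whitespace-separated entries of the form `path algorithm fingerprint flags` with no spaces in paths; the function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Algorithm names as written in the signatures file -> hashlib names.
ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256",
         "SHA384": "sha384", "SHA512": "sha512"}

def file_digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_signatures(sig_path):
    """Return (path, status) for every entry that would fail verification."""
    problems = []
    for line in Path(sig_path).read_text().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # assumed: '#' starts a comment
            continue
        fields = line.split()   # assumed: path, algorithm, fingerprint, flags
        if len(fields) < 3:
            problems.append((line, "malformed"))
            continue
        path, algo, fingerprint = fields[0], fields[1].upper(), fields[2].lower()
        if algo not in ALGOS:
            problems.append((path, "unsupported algorithm"))
        elif not Path(path).is_file():
            problems.append((path, "missing"))
        elif file_digest(path, ALGOS[algo]) != fingerprint:
            problems.append((path, "mismatch"))
    return problems

def demo():
    """Constructed sample: two files, one replaced after hashes were recorded."""
    d = Path(tempfile.mkdtemp())
    ls, sh = d / "ls", d / "sh"
    ls.write_bytes(b"old ls")
    sh.write_bytes(b"old sh")
    sig = d / "signatures"
    sig.write_text("".join(
        f"{p} SHA256 {file_digest(p, 'sha256')} direct\n" for p in (ls, sh)))
    sh.write_bytes(b"new sh")   # simulate the upgrade replacing a binary
    return check_signatures(sig), str(sh)

if __name__ == "__main__":
    for path, status in demo()[0]:
        print(status, path)
```

An empty result from `check_signatures` means every listed file still matches its recorded fingerprint; any `mismatch` or `missing` entry is one that would be rejected once the signatures are loaded at boot.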

