Subject: Re: veriexec logs
To: None <tech-kern@netbsd.org>
From: None <dlagno@mail.nnov.ru>
List: tech-kern
Date: 03/22/2004 13:36:21

Hi,

Attached to this message is a patch to kern/kern_verifiedexec.c.  By 
default all remains the same as before.  But if you include in your 
kernel config a line like "options VERIEXEC_LTBL_SIZE=64", then veriexec 
will keep track of some recently detected files lacking fingerprints.  
Log messages about these files will be issued only once.  With this patch 
you can, for example, rebuild your system with tools without junking up 
the logs.

Comments?  Could it be committed?

Also, when I inspected the current veriexec implementation, I saw that the 
inode to check the fingerprint for is searched for in a linear list 
(probably a few thousand entries long).  Is it certain that this search is 
dominated by the calculation of the fingerprint?

> -----Original Message-----
> From: current-users-owner@NetBSD.org 
> [mailto:current-users-owner@NetBSD.org]On Behalf Of Nathan J. Williams
> Sent: Tuesday, March 09, 2004 9:16 PM
> To: Brett Lymn
> Cc: dlagno@mail.nnov.ru; current-users@NetBSD.org
> Subject: Re: veriexec logs
> 
> 
> Brett Lymn <blymn@baesystems.com.au> writes:
> 
> > On Mon, Mar 08, 2004 at 05:30:06PM +0300, dlagno@mail.nnov.ru wrote:
> > > 
> > > veriexec generates messages of 2 types: about mismatched fingerprints and
> > > about lacking fingerprint.  All of them go to syslog with high importance
> > > level.
> > 
> > They are just kernel printf's so there is not much control about how
> > they are logged.
> 
> There's plenty of control; the kernel printf() calls could be changed to
> log() calls very easily if there's a desire to log at different levels.
> 
> > No, I don't think you are correct on that.  Lacking a fingerprint
> > *should* not happen once the fingerprints have been loaded into the
> > kernel.
> 
> This seems to be an issue for local policy control... but controlling
> the log level of the no-fingerprint case seems like the wrong knob.
> 
>         - Nathan


Attachment: veriexec_patch.txt
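A userland C model of the idea described in this message, added here as an example and not taken from the attached patch or from NetBSD: a fixed-size table remembers recently reported (fsid, fileid) pairs so that the "no fingerprint" message is written once per file. The names `should_log`, `seen_reset`, `count_logged`, `PROBE` and the hash are assumptions; the size 64 is the value from the `VERIEXEC_LTBL_SIZE=64` example in the message.

```c
#include <stdio.h>
#include <string.h>

#define LTBL_SIZE 64  /* from the message's "options VERIEXEC_LTBL_SIZE=64" */
#define PROBE 4       /* assumption: slots examined per lookup */

struct seen { unsigned long fsid, fileid; int used; };
static struct seen tbl[LTBL_SIZE];
static unsigned next_victim;  /* rotates eviction inside a full probe window */

void seen_reset(void) { memset(tbl, 0, sizeof tbl); next_victim = 0; }

/* 1 = first sighting (emit the log line), 0 = already reported.
 * Userland model: a kernel version would need locking around tbl. */
int should_log(unsigned long fsid, unsigned long fileid)
{
    unsigned base = (unsigned)((fsid + fileid) % LTBL_SIZE);
    int free_slot = -1;

    for (unsigned i = 0; i < PROBE; i++) {
        unsigned s = (base + i) % LTBL_SIZE;
        if (!tbl[s].used) {
            if (free_slot < 0) free_slot = (int)s;
        } else if (tbl[s].fsid == fsid && tbl[s].fileid == fileid) {
            return 0;
        }
    }
    if (free_slot < 0) {  /* window full: evict, so memory stays bounded */
        free_slot = (int)((base + next_victim) % LTBL_SIZE);
        next_victim = (next_victim + 1) % PROBE;
    }
    tbl[free_slot].fsid = fsid;
    tbl[free_slot].fileid = fileid;
    tbl[free_slot].used = 1;
    return 1;
}

/* Replays exec events and returns how many log lines would be written. */
int count_logged(const unsigned long (*ev)[2], int n)
{
    int lines = 0;
    for (int i = 0; i < n; i++)
        lines += should_log(ev[i][0], ev[i][1]);
    return lines;
}

int main(void)
{
    /* Constructed sample: a build invoking two unfingerprinted tools. */
    static const unsigned long ev[][2] = {{1,100},{1,100},{1,200},{1,100},{1,200}};
    printf("%d log lines for 5 execs\n", count_logged(ev, 5));
    return 0;
}
```

When a probe window is full, the evicted file is simply reported again on its next exec, so a bounded table can repeat a message but never hides the first sighting of a file.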