Subject: veriexec strictness
To: None <tech-kern@netbsd.org>
From: Nino Dehne <ndehne@gmail.com>
List: tech-kern
Date: 06/14/2005 23:43:13
Hi,

I'm not sure where this belongs. I'm running 3.0_BETA as of today and
tried to use the recently backported new veriexec. I noticed that,
with kern.veriexec.strict=1, the system fails to read _any_ file for
which there is no fingerprint, e.g. an ls -la fails with a read on
/etc/pwd.db due to "Operation not permitted".

The man page merely says that _executing_ files without a fingerprint
is forbidden with strictness 1. Also, the helper scripts in
/usr/share/examples/veriexecctl/ only create fingerprints for
executables and shared libs.

This leaves quite a suboptimal system, where there is either no
protection (strict=0) or the system is unusable because no file is
readable except shared libs and executables (strict=1). Is the correct
solution to just create fingerprints for _all_ files in the system? I
would think that this is actually a bug and files should not be
prevented from being read at strictness 1. But I could be wrong.

Also, I fail to see what good a strictness level of 2 would do, which,
according to the man page, also prevents writing to a file for which
there is no fingerprint or a mismatching fingerprint. How exactly does
one write a file without altering its fingerprint?

Can anyone clue me in?

Thanks

ND
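Added example, not part of the message above and not one of the NetBSD
helper scripts it mentions: if the answer to the poster's question is
indeed "fingerprint every file", this is the kind of generator that
covers the non-executable files the stock scripts skip. It assumes the
signature file lines are whitespace-separated "path TYPE fingerprint
[flag]", that SHA256 is an accepted type, and that FILE is the flag for
entries that are opened but never executed; confirm all three against
veriexecctl(8) on the release in use before loading the output.

```shell
#!/bin/sh
# Added example (not from the original post or from NetBSD): emit one
# fingerprint line per regular file under a directory tree, in the
# "path TYPE fingerprint [flag]" form assumed above for veriexecctl(8).
# Assumptions: SHA256 is an accepted type and FILE marks entries that
# may be read/written but not executed.

# hash_file PATH -> hex SHA-256 of PATH, using whichever tool exists
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 -r "$1" | cut -d' ' -f1
    else
        # BSD cksum prints "SHA256 (path) = hex"
        cksum -a SHA256 "$1" | sed 's/.* = //'
    fi
}

# fingerprint_tree DIR [FLAG] -> one signature line per regular file.
# Symlinks are not followed (find without -L) and never listed; paths
# containing whitespace would break the line format, so they are
# reported on stderr and skipped instead of producing a bad entry.
fingerprint_tree() {
    dir=$1
    flag=${2:-FILE}
    find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
        case $f in
            *[\ \	]*)
                printf 'skipping path with whitespace: %s\n' "$f" >&2
                continue
                ;;
        esac
        printf '%s SHA256 %s %s\n' "$f" "$(hash_file "$f")" "$flag"
    done
}

# Usage: sh thisfile.sh /etc >> /etc/signatures   (DIR and optional FLAG)
[ $# -gt 0 ] && fingerprint_tree "$@"
```

Run it over directories such as /etc or /var/db after the executable and
shared-library fingerprints have been generated, then review the output
before appending it to the signatures file, since every file it lists
becomes one that a later legitimate update (pwd_mkdb, a package upgrade)
will invalidate until the fingerprint is regenerated.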