NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FreeBSD Security> 2005-03

RE: FreeBSD trusted execution system: beta testers wanted

From: Christian S.J. Peron (csjpFreeBSD.org)
Date: Sat Mar 19 2005 - 17:27:03 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

All

Thanks for all the input. I have updated the code as per some of the comments
which came in around testing. The following changes were made:

-modify setfhash/getfhash to use the filename of the pathname portion.
this will un break set/getfhash if it was invoked using ./ or the complete
pathname.

-the kernel implementation of setfhash was a bad idea. It used to use
the utimes syscall. This especially caused problems with various port
or source builds on NFS file systems exiting with EIO or various other
errors. I replaced the kernel implementation with a sysctl, and modified
the setfhash utility to use this instead.

-add additional printf's to tell people where/why things went wrong. It
should be noted that these printfs are only executed if the module is
compiled with DEBUG set. (See the Makefile).

-change Makefiles and file locations to be more consistent with the
system build practices.

NOTE: IF YOU HAVE ALREADY PATCHED YOUR KERNEL SKIP THE KERNEL PATCH/REBUILD

cd /usr/src/sys
fetch http://www.freebsd.org/~csjp/mac/mac_vnode_mmap.1106783302.diff
patch < mac_vnode_mmap.1106783302.diff

# REBUILD YOUR KERNEL

cd /usr/src/sys/modules
mkdir /usr/src/sys/modules/mac_chkexec
cd /usr/src/sys/modules/mac_chkexec
fetch http://www.freebsd.org/~csjp/mac/Makefile

cd /usr/src/usr.sbin
fetch http://www.freebsd.org/~csjp/mac/getfhash.1111165779.shar
sh getfhash.1111165779.shar
cd getfhash
make
make install
make clean

cd /usr/src/sys/security
fetch http://www.freebsd.org/~csjp/mac/mac_chkexec.1111165827.shar
sh mac_chkexec.1111165827.shar
cd /usr/src/sys/modules/mac_chkexec
make
make install
make clean

--
Christian S.J. Peron
csjpFreeBSD.ORG
FreeBSD Committer
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]