.\" $NetBSD: veriexec.4,v 1.26 2018/01/17 12:41:48 sevan Exp $
.\"
.\" Copyright 2005 Elad Efrat <elad@bsd.org.il>
.\" Copyright 2005 Brett Lymn <blymn@netbsd.org>
.\"
.\" This code is donated to The NetBSD Foundation by the author.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. The name of the Author may not be used to endorse or promote
.\"    products derived from this software without specific prior written
.\"    permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd January 17, 2018
.Dt VERIEXEC 4
.Os
.Sh NAME
.Nm veriexec
.Nd Veriexec pseudo-device
.Sh SYNOPSIS
.Cd pseudo-device veriexec
.Sh DESCRIPTION
.Em Veriexec
verifies the integrity of specified executables and files before they are
run or read, by comparing their fingerprints against the entries loaded
into its in-kernel database.
This makes it much more difficult to insert a trojan horse into the system
and also makes it more difficult to run binaries that are not supposed to
be running, for example, packet sniffers, DDoS clients and so on.
.Pp
The
.Nm
pseudo-device is used to load and delete entries to and from the in-kernel
.Em Veriexec
databases, as well as query information about them.
It can also be used to dump the entire database.
.Ss Kernel-userland interaction
.Em Veriexec
uses
.Xr proplib 3
for communication between the kernel and userland: each request is a
dictionary passed through an
.Xr ioctl 2
on the
.Nm
device, and replies are returned as a dictionary or an array of
dictionaries.
.Bl -tag -width XXXX
.It Dv VERIEXEC_LOAD
Load an entry for a file to be monitored by
.Em Veriexec .
.Pp
The dictionary passed contains the following elements:
.Bl -column keepxfilename string
.It Sy Name Ta Sy Type Ta Sy Purpose
.It file Ta string Ta filename for this entry
.It entry-type Ta uint8 Ta entry type (see below)
.It fp-type Ta string Ta fingerprint hashing algorithm
.It fp Ta data Ta the fingerprint
.It keep-filename Ta bool Ta whether or not to retain the entry's filename
.El
.Pp
.Dq entry-type
can be one or more (binary-OR'd) of the following:
.Bl -column veriexecxuntrusted effect
.It Sy Type Ta Sy Effect
.It Dv VERIEXEC_DIRECT Ta can execute directly
.It Dv VERIEXEC_INDIRECT Ta can execute indirectly (interpreter,
.Xr mmap 2 )
.It Dv VERIEXEC_FILE Ta can be opened
.It Dv VERIEXEC_UNTRUSTED Ta located on untrusted storage (such as a
network filesystem), so the fingerprint is re-evaluated on each access
rather than cached
.El
.It Dv VERIEXEC_DELETE
Removes either an entry for a single file or entries for an entire mount from
.Em Veriexec .
.Pp
The dictionary passed contains the following elements:
.Bl -column file string
.It Sy Name Ta Sy Type Ta Sy Purpose
.It file Ta string Ta filename or mount-point
.El
.It Dv VERIEXEC_DUMP
Dump the
.Em Veriexec
monitored files database from the kernel.
.Pp
Only files for which the filename was kept (that is, entries loaded with
.Dq keep-filename
set) will be dumped.
The returned array contains dictionaries with the following elements:
.Bl -column entryxtype string
.It Sy Name Ta Sy Type Ta Sy Purpose
.It file Ta string Ta filename
.It fp-type Ta string Ta fingerprint hashing algorithm
.It fp Ta data Ta the fingerprint
.It entry-type Ta uint8 Ta entry type (see above)
.El
.It Dv VERIEXEC_FLUSH
Flush the
.Em Veriexec
database, removing all entries.
.Pp
This command has no parameters.
.It Dv VERIEXEC_QUERY
Queries
.Em Veriexec
about a file, returning the entry's type, its evaluation status and its
fingerprint.
.Pp
The dictionary passed contains the following elements:
.Bl -column file string
.It Sy Name Ta Sy Type Ta Sy Purpose
.It file Ta string Ta filename
.El
.Pp
The dictionary returned contains the following elements:
.Bl -column entryxtype string
.It Sy Name Ta Sy Type Ta Sy Purpose
.It entry-type Ta uint8 Ta entry type (see above)
.It status Ta uint8 Ta entry status
.It fp-type Ta string Ta fingerprint hashing algorithm
.It fp Ta data Ta the fingerprint
.El
.Pp
.Dq status
can be one of the following:
.Bl -column fingerprintxmismatch effect
.It Sy Status Ta Sy Meaning
.It Dv FINGERPRINT_NOTEVAL Ta not evaluated yet (the file has not been
accessed since the entry was loaded)
.It Dv FINGERPRINT_VALID Ta fingerprint match
.It Dv FINGERPRINT_MISMATCH Ta fingerprint mismatch
.El
.El
.Pp
Note that the requests
.Dv VERIEXEC_LOAD ,
.Dv VERIEXEC_DELETE ,
and
.Dv VERIEXEC_FLUSH
are not permitted once the strict level (the
.Dq kern.veriexec.strict
sysctl, see
.Xr sysctl 8 )
has been raised past 0.
Load the complete set of entries before raising the strict level; after
that, the database can only be queried and dumped until the next reboot.
.Sh SEE ALSO
.Xr proplib 3 ,
.Xr sysctl 3 ,
.Xr security 7 ,
.Xr sysctl 8 ,
.Xr veriexecctl 8 ,
.Xr veriexecgen 8 ,
.Xr veriexec 9
.Sh NOTES
.Nm
is part of the default configuration on the following architectures: amd64,
i386, macppc, prep, sparc64.
.Sh AUTHORS
.An Brett Lymn Aq Mt blymn@NetBSD.org
.An Elad Efrat Aq Mt elad@NetBSD.org
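.Sh EXAMPLES
The following is an added example; it is not code from NetBSD or from
.Xr veriexecctl 8 .
It builds the
.Dv VERIEXEC_LOAD ,
.Dv VERIEXEC_DELETE
and
.Dv VERIEXEC_QUERY
request dictionaries described above, decodes a
.Dv VERIEXEC_QUERY
reply into symbolic names, and re-checks an entry's fingerprint the way the
kernel does on access.
It uses Python's standard plistlib module on the assumption that
.Xr proplib 3
reads and writes the same Apple XML plist format.
The numeric values of the
.Dv VERIEXEC_*
flags and
.Dv FINGERPRINT_*
states are assumed from
.In sys/verified_exec.h
and should be checked against that header, the fp-type names are assumed to
follow the kernel's algorithm names, and the
.Xr ioctl 2
on /dev/veriexec itself is not issued.

```python
"""Build and decode veriexec(4) request dictionaries.

Added example, not NetBSD or veriexecctl(8) code.  Assumptions: proplib(3)
uses the Apple XML plist format that plistlib emits and parses; the numeric
VERIEXEC_* and FINGERPRINT_* values below match <sys/verified_exec.h>; fp-type
names match the kernel's.  No ioctl(2) on /dev/veriexec is performed here.
"""
import hashlib
import hmac
import plistlib

# entry-type flags, binary-OR'd as veriexec(4) describes (values assumed).
VERIEXEC_DIRECT = 0x01     # may be exec'd directly
VERIEXEC_INDIRECT = 0x02   # may run via an interpreter or be mmap'd
VERIEXEC_FILE = 0x04       # may be open'd
VERIEXEC_UNTRUSTED = 0x10  # on untrusted storage: re-evaluated on each access

FLAG_NAMES = {
    "DIRECT": VERIEXEC_DIRECT,
    "INDIRECT": VERIEXEC_INDIRECT,
    "FILE": VERIEXEC_FILE,
    "UNTRUSTED": VERIEXEC_UNTRUSTED,
}

# VERIEXEC_QUERY "status" values (numeric values assumed).
STATUS_NAMES = {0: "FINGERPRINT_NOTEVAL", 1: "FINGERPRINT_VALID",
                2: "FINGERPRINT_MISMATCH"}

# fp-type name -> hashlib constructor (names assumed to match the kernel's).
FP_ALGOS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1,
            "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def entry_type(flags):
    """Fold comma-separated flag names ("DIRECT,FILE") into the uint8 entry-type."""
    value = 0
    for name in flags.split(","):
        name = name.strip().upper()
        if name not in FLAG_NAMES:
            raise ValueError("unknown entry-type flag: %r" % name)
        value |= FLAG_NAMES[name]
    return value


def flag_names(value):
    """Inverse of entry_type(): the flag names set in an entry-type bitmask."""
    return [n for n, bit in FLAG_NAMES.items() if value & bit]


def fingerprint(data, fp_type="SHA256"):
    """Raw digest of file contents under the named fp-type."""
    return FP_ALGOS[fp_type.upper()](data).digest()


def externalize(obj):
    """Dictionary or array -> XML plist bytes, the form passed to the kernel."""
    return plistlib.dumps(obj)


def internalize(xml):
    """XML plist bytes -> Python dict/list (bytes for <data>, bool for <true/>)."""
    return plistlib.loads(xml)


def load_request(path, flags="DIRECT", fp_type="SHA256", keep_filename=True,
                 data=None):
    """Externalized VERIEXEC_LOAD dictionary.  `data` is the file's contents;
    when None it is read from `path` (pass it explicitly for constructed samples)."""
    if data is None:
        with open(path, "rb") as f:
            data = f.read()
    return externalize({
        "file": path,
        "entry-type": entry_type(flags),       # uint8 on the kernel side
        "fp-type": fp_type.upper(),
        "fp": fingerprint(data, fp_type),      # bytes -> <data>, base64 on the wire
        "keep-filename": keep_filename,        # False: invisible to VERIEXEC_DUMP
    })


def delete_request(path_or_mount):
    """VERIEXEC_DELETE: one file, or every entry under a mount point."""
    return externalize({"file": path_or_mount})


def query_request(path):
    """VERIEXEC_QUERY request dictionary."""
    return externalize({"file": path})


def decode_query_reply(xml):
    """Render a VERIEXEC_QUERY reply with symbolic flag and status names."""
    d = internalize(xml)
    return {
        "flags": flag_names(d["entry-type"]),
        "status": STATUS_NAMES.get(d["status"], "UNKNOWN(%d)" % d["status"]),
        "fp-type": d["fp-type"],
        "fp": d["fp"].hex(),
    }


def verify_entry(entry, data):
    """Re-check an entry's fingerprint against file contents, as the kernel does
    on access.  Rejects a digest whose length does not fit its fp-type and
    compares in constant time."""
    algo = FP_ALGOS[entry["fp-type"].upper()]
    if len(entry["fp"]) != algo().digest_size:
        raise ValueError("fp length does not match fp-type")
    match = hmac.compare_digest(entry["fp"], fingerprint(data, entry["fp-type"]))
    return "FINGERPRINT_VALID" if match else "FINGERPRINT_MISMATCH"


if __name__ == "__main__":
    # Constructed sample: a pretend /bin/ls whose contents are "hello\n".
    req = load_request("/bin/ls", "DIRECT,FILE", data=b"hello\n")
    print(req.decode())
    entry = internalize(req)
    print(flag_names(entry["entry-type"]), verify_entry(entry, b"hello\n"))
```

On a NetBSD host the bytes returned by
.Fn load_request
are what
.Xr proplib 3
would externalize for the same dictionary; loading them still has to go
through
.Xr veriexecctl 8
or an
.Xr ioctl 2
on the device, and only while the strict level is 0.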