CVS commit: src/usr.sbin/veriexecgen
Module Name:src Committed By: sevan Date: Tue Apr 23 22:35:42 UTC 2019 Modified Files: src/usr.sbin/veriexecgen: veriexecgen.c Log Message: Omit files not marked executable from the signature database by default. Closes PR kern/41669 Reviewed by To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 src/usr.sbin/veriexecgen/veriexecgen.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.sbin/veriexecgen/veriexecgen.c diff -u src/usr.sbin/veriexecgen/veriexecgen.c:1.18 src/usr.sbin/veriexecgen/veriexecgen.c:1.19 --- src/usr.sbin/veriexecgen/veriexecgen.c:1.18 Sat Sep 9 21:27:23 2017 +++ src/usr.sbin/veriexecgen/veriexecgen.c Tue Apr 23 22:35:42 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: veriexecgen.c,v 1.18 2017/09/09 21:27:23 sevan Exp $ */ +/* $NetBSD: veriexecgen.c,v 1.19 2019/04/23 22:35:42 sevan Exp $ */ /*- * Copyright (c) 2006 The NetBSD Foundation, Inc. @@ -36,7 +36,7 @@ #ifndef lint #ifdef __RCSID -__RCSID("$NetBSD: veriexecgen.c,v 1.18 2017/09/09 21:27:23 sevan Exp $"); +__RCSID("$NetBSD: veriexecgen.c,v 1.19 2019/04/23 22:35:42 sevan Exp $"); #endif #endif /* not lint */ @@ -208,7 +208,7 @@ add_new_entry(veriexecgen_t *vp, FTSENT } else sb = *file->fts_statp; - if (!vp->all_files && !vp->scan_system_dirs && !IS_EXEC(sb.st_mode)) + if (!vp->all_files && !IS_EXEC(sb.st_mode)) return; e = ecalloc(1UL, sizeof(*e));
CVS commit: src/usr.sbin/veriexecgen
Module Name:src Committed By: gutteridge Date: Tue Jan 8 01:31:49 UTC 2019 Modified Files: src/usr.sbin/veriexecgen: veriexecgen.8 Log Message: veriexecgen(8): improve example for appending /etc to the signatures database. From Edgar Pettijohn in PR misc/53839. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 src/usr.sbin/veriexecgen/veriexecgen.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.sbin/veriexecgen/veriexecgen.8 diff -u src/usr.sbin/veriexecgen/veriexecgen.8:1.19 src/usr.sbin/veriexecgen/veriexecgen.8:1.20 --- src/usr.sbin/veriexecgen/veriexecgen.8:1.19 Sun Sep 10 10:13:47 2017 +++ src/usr.sbin/veriexecgen/veriexecgen.8 Tue Jan 8 01:31:49 2019 @@ -1,4 +1,4 @@ -.\" $NetBSD: veriexecgen.8,v 1.19 2017/09/10 10:13:47 wiz Exp $ +.\" $NetBSD: veriexecgen.8,v 1.20 2019/01/08 01:31:49 gutteridge Exp $ .\" .\" Copyright (c) 2006 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd September 9, 2017 +.Dd January 8, 2019 .Dt VERIEXECGEN 8 .Os .Sh NAME @@ -139,7 +139,7 @@ Fingerprint files in .Pa /etc , appending to the default fingerprint database: .Bd -literal -offset indent -# veriexecgen -A -d /etc +# veriexecgen -A -a -d /etc .Ed .Pp Fingerprint files in
CVS commit: src/usr.sbin/veriexecgen
Module Name:src Committed By: wiz Date: Sun Sep 10 10:13:47 UTC 2017 Modified Files: src/usr.sbin/veriexecgen: veriexecgen.8 Log Message: Fix enumeration. To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 src/usr.sbin/veriexecgen/veriexecgen.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.sbin/veriexecgen/veriexecgen.8 diff -u src/usr.sbin/veriexecgen/veriexecgen.8:1.18 src/usr.sbin/veriexecgen/veriexecgen.8:1.19 --- src/usr.sbin/veriexecgen/veriexecgen.8:1.18 Sat Sep 9 21:27:23 2017 +++ src/usr.sbin/veriexecgen/veriexecgen.8 Sun Sep 10 10:13:47 2017 @@ -1,4 +1,4 @@ -.\" $NetBSD: veriexecgen.8,v 1.18 2017/09/09 21:27:23 sevan Exp $ +.\" $NetBSD: veriexecgen.8,v 1.19 2017/09/10 10:13:47 wiz Exp $ .\" .\" Copyright (c) 2006 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -104,7 +104,8 @@ for the fingerprints. Must be one of .Dq sha256 , .Dq sha384 , -.Dq sha512 , +or +.Dq sha512 . .It Fl v Verbose mode. Print messages describing what operations are being done.
CVS commit: src/usr.sbin/veriexecgen
Module Name:src Committed By: sevan Date: Sat Sep 9 21:27:23 UTC 2017 Modified Files: src/usr.sbin/veriexecgen: veriexecgen.8 veriexecgen.c Log Message: Remove the ability to generate a signature database with the hash algorithms MD5, SHA1 & RMD160 which are either broken or on their way to being broken. Discussed on tech-security http://mail-index.netbsd.org/tech-security/2017/08/21/msg000936.html ok riastradh To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/usr.sbin/veriexecgen/veriexecgen.8 \ src/usr.sbin/veriexecgen/veriexecgen.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.sbin/veriexecgen/veriexecgen.8 diff -u src/usr.sbin/veriexecgen/veriexecgen.8:1.17 src/usr.sbin/veriexecgen/veriexecgen.8:1.18 --- src/usr.sbin/veriexecgen/veriexecgen.8:1.17 Thu Apr 28 11:24:28 2011 +++ src/usr.sbin/veriexecgen/veriexecgen.8 Sat Sep 9 21:27:23 2017 @@ -1,4 +1,4 @@ -.\" $NetBSD: veriexecgen.8,v 1.17 2011/04/28 11:24:28 wiz Exp $ +.\" $NetBSD: veriexecgen.8,v 1.18 2017/09/09 21:27:23 sevan Exp $ .\" .\" Copyright (c) 2006 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd February 18, 2008 +.Dd September 9, 2017 .Dt VERIEXECGEN 8 .Os .Sh NAME @@ -102,13 +102,9 @@ Use .Ar algorithm for the fingerprints. Must be one of -.Dq md5 , -.Dq sha1 , .Dq sha256 , .Dq sha384 , .Dq sha512 , -or -.Dq rmd160 . .It Fl v Verbose mode. Print messages describing what operations are being done. @@ -147,11 +143,11 @@ appending to the default fingerprint dat .Pp Fingerprint files in .Pa /path/to/somewhere using -.Dq rmd160 +.Dq sha512 as the hashing algorithm, saving to .Pa /etc/somewhere.fp : .Bd -literal -offset indent -# veriexecgen -d /path/to/somewhere -t rmd160 -o /etc/somewhere.fp +# veriexecgen -d /path/to/somewhere -t sha512 -o /etc/somewhere.fp .Ed .Sh SEE ALSO .Xr veriexec 4 , Index: src/usr.sbin/veriexecgen/veriexecgen.c diff -u src/usr.sbin/veriexecgen/veriexecgen.c:1.17 src/usr.sbin/veriexecgen/veriexecgen.c:1.18 --- src/usr.sbin/veriexecgen/veriexecgen.c:1.17 Fri Aug 21 04:09:41 2009 +++ src/usr.sbin/veriexecgen/veriexecgen.c Sat Sep 9 21:27:23 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: veriexecgen.c,v 1.17 2009/08/21 04:09:41 elad Exp $ */ +/* $NetBSD: veriexecgen.c,v 1.18 2017/09/09 21:27:23 sevan Exp $ */ /*- * Copyright (c) 2006 The NetBSD Foundation, Inc. @@ -36,7 +36,7 @@ #ifndef lint #ifdef __RCSID -__RCSID("$NetBSD: veriexecgen.c,v 1.17 2009/08/21 04:09:41 elad Exp $"); +__RCSID("$NetBSD: veriexecgen.c,v 1.18 2017/09/09 21:27:23 sevan Exp $"); #endif #endif /* not lint */ @@ -57,10 +57,7 @@ __RCSID("$NetBSD: veriexecgen.c,v 1.17 2 #include #include -#include -#include #include -#include #define IS_EXEC(mode) ((mode) & (S_IXUSR | S_IXGRP | S_IXOTH)) @@ -100,12 +97,9 @@ TAILQ_HEAD(, fentry) fehead; /* define the possible hash algorithms */ static hash_t hashes[] = { - { "MD5", MD5File }, - { "SHA1", SHA1File }, { "SHA256", SHA256_File }, { "SHA384", SHA384_File }, { "SHA512", SHA512_File }, - { "RMD160", RMD160File }, { NULL, NULL }, };
CVS commit: src/usr.sbin/veriexecgen
Module Name:src Committed By: wiz Date: Thu Apr 28 11:24:28 UTC 2011 Modified Files: src/usr.sbin/veriexecgen: veriexecgen.8 Log Message: security(7), not (8). To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/usr.sbin/veriexecgen/veriexecgen.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.sbin/veriexecgen/veriexecgen.8 diff -u src/usr.sbin/veriexecgen/veriexecgen.8:1.16 src/usr.sbin/veriexecgen/veriexecgen.8:1.17 --- src/usr.sbin/veriexecgen/veriexecgen.8:1.16 Wed Mar 11 14:00:29 2009 +++ src/usr.sbin/veriexecgen/veriexecgen.8 Thu Apr 28 11:24:28 2011 @@ -1,4 +1,4 @@ -.\ $NetBSD: veriexecgen.8,v 1.16 2009/03/11 14:00:29 joerg Exp $ +.\ $NetBSD: veriexecgen.8,v 1.17 2011/04/28 11:24:28 wiz Exp $ .\ .\ Copyright (c) 2006 The NetBSD Foundation, Inc. .\ All rights reserved. @@ -156,6 +156,6 @@ .Sh SEE ALSO .Xr veriexec 4 , .Xr veriexec 5 , -.Xr security 8 , +.Xr security 7 , .Xr veriexec 8 , .Xr veriexecctl 8
CVS commit: src/usr.sbin/veriexecgen
Module Name:src Committed By: elad Date: Fri Aug 21 04:09:41 UTC 2009 Modified Files: src/usr.sbin/veriexecgen: veriexecgen.c Log Message: PR/41911: Jukka Ruohonen: A bug in veriexecgen Do as suggested and add the missing 'T' to getopt() and update usage. Thanks for the PR! To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/usr.sbin/veriexecgen/veriexecgen.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/usr.sbin/veriexecgen/veriexecgen.c diff -u src/usr.sbin/veriexecgen/veriexecgen.c:1.16 src/usr.sbin/veriexecgen/veriexecgen.c:1.17 --- src/usr.sbin/veriexecgen/veriexecgen.c:1.16 Tue Apr 29 06:53:04 2008 +++ src/usr.sbin/veriexecgen/veriexecgen.c Fri Aug 21 04:09:41 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: veriexecgen.c,v 1.16 2008/04/29 06:53:04 martin Exp $ */ +/* $NetBSD: veriexecgen.c,v 1.17 2009/08/21 04:09:41 elad Exp $ */ /*- * Copyright (c) 2006 The NetBSD Foundation, Inc. @@ -36,7 +36,7 @@ #ifndef lint #ifdef __RCSID -__RCSID($NetBSD: veriexecgen.c,v 1.16 2008/04/29 06:53:04 martin Exp $); +__RCSID($NetBSD: veriexecgen.c,v 1.17 2009/08/21 04:09:41 elad Exp $); #endif #endif /* not lint */ @@ -129,7 +129,7 @@ usage(void) { (void)fprintf(stderr, - usage: %s [-AaDrSvW] [-d dir] [-o fingerprintdb] [-p prefix]\n + usage: %s [-AaDrSTvW] [-d dir] [-o fingerprintdb] [-p prefix]\n \t\t[-t algorithm]\n \t%s [-h]\n, getprogname(), getprogname()); } @@ -389,7 +389,7 @@ /* error out if we have a dangling symlink or other fs problem */ v.exit_on_error = 1; - while ((ch = getopt(argc, argv, AaDd:ho:p:rSt:vW)) != -1) { + while ((ch = getopt(argc, argv, AaDd:ho:p:rSTt:vW)) != -1) { switch (ch) { case 'A': v.append_output = 1;