Veriexec

From Wikipedia, the free encyclopedia

Veriexec is a file-signing scheme for the NetBSD operating system.

It introduces a special device node (/dev/veriexec) through which a signature list can be loaded into the kernel. The list contains file paths, together with hashes and an expected file type ("DIRECT" for executables, "INDIRECT" for scripts and "FILE" for shared libraries and regular files). The kernel then verifies the contents of the signed files against their hashes just before they are opened in an exec() or open() system call.

When Veriexec is enabled at level 0, the kernel will simply warn about signature mismatches. At level 1, it will prevent access to mismatched files. At level 2, it prevents signed files from being overwritten or deleted. At the highest, level 3, the kernel will not allow unsigned files to be accessed at all.
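
The level semantics above can be modelled in user space. The following is an added example, not NetBSD code: the names Entry, decide, GOOD and TABLE are hypothetical, SHA-256 stands in for whichever hash the signature list uses, and the levels are assumed to be cumulative (each level keeps the restrictions of the ones below it).

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    digest: str  # hex SHA-256 of the expected contents (assumed algorithm)
    ftype: str   # "DIRECT", "INDIRECT" or "FILE"; recorded, not enforced here


def decide(level, table, path, content, op):
    """Model the decision for op in {"exec", "open", "write", "delete"}.

    Returns "allow", "warn" (allowed, mismatch logged) or "deny".
    """
    entry = table.get(path)
    if entry is None:
        # Unsigned files are only refused at the highest level.
        return "deny" if level >= 3 else "allow"
    if op in ("write", "delete"):
        # From level 2 on, signed files cannot be overwritten or deleted.
        return "deny" if level >= 2 else "allow"
    # exec()/open(): compare the contents against the loaded hash.
    if hashlib.sha256(content).hexdigest() == entry.digest:
        return "allow"
    # Mismatch: level 0 only warns, level 1 and above block access.
    return "deny" if level >= 1 else "warn"


# Constructed sample data: one signed executable and its genuine contents.
GOOD = b"genuine /bin/ls image"
TABLE = {"/bin/ls": Entry(hashlib.sha256(GOOD).hexdigest(), "DIRECT")}

if __name__ == "__main__":
    cases = [
        ("/bin/ls", GOOD, "exec"),
        ("/bin/ls", b"tampered image", "exec"),
        ("/bin/ls", GOOD, "delete"),
        ("/tmp/unsigned", b"anything", "open"),
    ]
    for level in range(4):
        for path, content, op in cases:
            print(level, op, path, decide(level, TABLE, path, content, op))
```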

Retrieved from "https://en.wikipedia.org/w/index.php?title=Veriexec&oldid=1144281668"