VERIEXEC(4)             NetBSD Kernel Interfaces Manual            VERIEXEC(4)

NAME
     veriexec -- Veriexec pseudo-device

SYNOPSIS
     pseudo-device veriexec

DESCRIPTION
     Veriexec verifies the integrity of specified executables and files before
     they are run or read.  This makes it much more difficult to insert a tro-
     jan horse into the system and also makes it more difficult to run bina-
     ries that are not supposed to be running, for example, packet sniffers,
     DDoS clients and so on.

     The veriexec pseudo-device is used to perform optimal table sizing,
     fingerprint loading, and querying of entries, as part of the Veriexec
     subsystem.

   Kernel-userland interaction
     Veriexec uses proplib(3) for communication between the kernel and user-
     land.

     VERIEXEC_TABLESIZE
           Sizes the in-kernel tables to accommodate the fingerprint entries.
           This request must be made prior to loading the fingerprints into
           the kernel.

           The dictionary passed contains the following elements:

           Name     Type        Purpose
           mount    string      mount-point for the entries
           count    uint64_t    number of entries

     VERIEXEC_LOAD
           Inserts a fingerprint into the in-kernel tables.  These tables must
           have been previously sized using the VERIEXEC_TABLESIZE request.

           The dictionary passed contains the following elements:

           Name          Type      Purpose
           file          string    filename for this entry
           entry-type    uint8     entry type (see below)
           fp-type       string    fingerprint hashing algorithm
           fp            data      the fingerprint

           ``entry-type'' can be one or more (binary-OR'd) of the following:

           Type                  Effect
           VERIEXEC_DIRECT       can execute directly
           VERIEXEC_INDIRECT     can execute indirectly (interpreter, mmap(2))
           VERIEXEC_FILE         can be opened
           VERIEXEC_UNTRUSTED    located on untrusted storage

     VERIEXEC_DELETE
           Removes either an entry for a single file or entries for an entire
           mount from Veriexec.

           The dictionary passed contains the following elements:

           Name    Type      Purpose
           file    string    filename or mount-point

     VERIEXEC_QUERY
           Queries Veriexec about a file, returning information that may be
           useful about it.

           The dictionary passed contains the following elements:

           Name    Type      Purpose
           file    string    filename

           The dictionary returned contains the following elements:

           Name          Type      Purpose
           entry-type    uint8     entry type (see above)
           status        uint8     entry status
           fp-type       string    fingerprint hashing algorithm
           fp            data      the fingerprint

           ``status'' can be one of the following:

           Status                  Meaning
           FINGERPRINT_NOTEVAL     not evaluated
           FINGERPRINT_VALID       fingerprint match
           FINGERPRINT_MISMATCH    fingerprint mismatch

     Note that the requests VERIEXEC_TABLESIZE, VERIEXEC_LOAD, and
     VERIEXEC_DELETE are not permitted once the strict level has been raised
     past 0.
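     The request sequence above, as an added userland model (not the
     kernel's code and not veriexecctl(8)): the in-kernel tables, the
     rule that VERIEXEC_TABLESIZE precedes VERIEXEC_LOAD, the OR'd
     entry-type flags, the status values reported by VERIEXEC_QUERY, and
     the strict-level gate are modelled in Python so the ordering and
     failure cases can be exercised offline.  The numeric values of the
     entry-type bits and status codes, the "SHA256" fp-type string, the
     file contents and the enforcement rule in check_access() are
     assumptions of this model; on a real system each request is a
     proplib(3) dictionary passed to the pseudo-device with an ioctl.

```python
"""Userland model of the Veriexec requests (constructed example, not kernel code)."""
import hashlib
from enum import IntEnum, IntFlag


class EntryType(IntFlag):
    # Bit values are an ASSUMPTION of this model; the page names the flags only.
    DIRECT = 0x01      # can execute directly
    INDIRECT = 0x02    # can execute indirectly (interpreter, mmap)
    FILE = 0x04        # can be opened
    UNTRUSTED = 0x08   # located on untrusted storage


class Status(IntEnum):
    # Numeric values are an ASSUMPTION of this model; the page names the states only.
    NOTEVAL = 0
    VALID = 1
    MISMATCH = 2


class VeriexecError(Exception):
    pass


class VeriexecModel:
    def __init__(self):
        self.strict = 0       # strict level (raised via sysctl on a real system)
        self.capacity = {}    # mount-point -> count, from VERIEXEC_TABLESIZE
        self.entries = {}     # file -> entry dictionary, from VERIEXEC_LOAD

    def _mount_of(self, path):
        # Longest sized mount-point that is a prefix of the path, or None.
        best = None
        for mount in self.capacity:
            prefix = mount if mount.endswith("/") else mount + "/"
            if (path == mount or path.startswith(prefix)) and (best is None or len(mount) > len(best)):
                best = mount
        return best

    def _require_strict_zero(self):
        # TABLESIZE, LOAD and DELETE are refused once the strict level is above 0.
        if self.strict > 0:
            raise VeriexecError("request not permitted at strict level > 0")

    def tablesize(self, req):
        self._require_strict_zero()
        self.capacity[req["mount"]] = int(req["count"])

    def load(self, req):
        self._require_strict_zero()
        mount = self._mount_of(req["file"])
        if mount is None:
            raise VeriexecError("table for this mount has not been sized")
        used = sum(1 for f in self.entries if self._mount_of(f) == mount)
        if used >= self.capacity[mount]:
            raise VeriexecError("table for %s is full" % mount)
        self.entries[req["file"]] = {
            "entry-type": EntryType(req["entry-type"]),
            "fp-type": req["fp-type"],
            "fp": bytes(req["fp"]),          # proplib "data" element
            "status": Status.NOTEVAL,         # nothing evaluated yet
        }

    def delete(self, req):
        # A single file, or every entry under a mount-point.
        self._require_strict_zero()
        target = req["file"]
        if target in self.entries:
            del self.entries[target]
        else:
            for f in [f for f in self.entries if self._mount_of(f) == target]:
                del self.entries[f]

    def query(self, req):
        entry = self.entries.get(req["file"])
        if entry is None:
            raise VeriexecError("no entry for %s" % req["file"])
        return dict(entry)

    def check_access(self, path, contents, access):
        # Model of the check at exec/open time: evaluate the fingerprint, record the
        # result, and allow only when it matches and entry-type covers this access.
        # (Unlisted files are simply refused here; real policy depends on strict level.)
        entry = self.entries.get(path)
        if entry is None:
            return False
        digest = hashlib.new(entry["fp-type"].lower(), contents).digest()
        entry["status"] = Status.VALID if digest == entry["fp"] else Status.MISMATCH
        return entry["status"] is Status.VALID and bool(entry["entry-type"] & access)


def demo():
    script = b"#!/bin/sh\necho hello\n"          # constructed file contents
    fp = hashlib.sha256(script).digest()         # fingerprint loaded into the model
    vx = VeriexecModel()
    vx.tablesize({"mount": "/usr", "count": 1})
    vx.load({"file": "/usr/bin/hello.sh", "entry-type": EntryType.DIRECT | EntryType.INDIRECT,
             "fp-type": "SHA256", "fp": fp})
    r = {}
    r["before"] = vx.query({"file": "/usr/bin/hello.sh"})["status"]
    r["exec_ok"] = vx.check_access("/usr/bin/hello.sh", script, EntryType.DIRECT)
    r["after"] = vx.query({"file": "/usr/bin/hello.sh"})["status"]
    r["open_ok"] = vx.check_access("/usr/bin/hello.sh", script, EntryType.FILE)   # FILE bit not set
    r["tampered_ok"] = vx.check_access("/usr/bin/hello.sh", script + b"echo tampered\n", EntryType.DIRECT)
    r["tampered"] = vx.query({"file": "/usr/bin/hello.sh"})["status"]
    try:   # table was sized for one entry, so a second load must be refused
        vx.load({"file": "/usr/bin/other", "entry-type": EntryType.DIRECT, "fp-type": "SHA256", "fp": fp})
        r["overflow_refused"] = False
    except VeriexecError:
        r["overflow_refused"] = True
    vx.strict = 1
    try:   # DELETE (like TABLESIZE and LOAD) is refused once strict > 0
        vx.delete({"file": "/usr"})
        r["strict_refused"] = False
    except VeriexecError:
        r["strict_refused"] = True
    return r


if __name__ == "__main__":
    print(demo())
```

     The model deliberately keeps the two checks the page implies but does
     not spell out as code: an entry cannot be loaded into a mount whose
     table has not been sized (or is already full), and a query reports
     FINGERPRINT_NOTEVAL until the file has actually been evaluated.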

SEE ALSO
     proplib(3), sysctl(3), sysctl(8), veriexecctl(8), veriexecgen(8),
     veriexec(9)

NOTES
     veriexec is part of the default configuration on the following architec-
     tures: amd64, i386, prep, sparc64.

AUTHORS
     Brett Lymn <blymn@NetBSD.org>
     Elad Efrat <elad@NetBSD.org>

NetBSD 4.0                     November 29, 2006                    NetBSD 4.0