NetBSD Problem Report #41669

From www@NetBSD.org  Sun Jul  5 01:23:52 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 72FDE63B913
	for <gnats-bugs@gnats.netbsd.org>; Sun,  5 Jul 2009 01:23:52 +0000 (UTC)
Message-Id: <20090705012352.3593B63B883@www.NetBSD.org>
Date: Sun,  5 Jul 2009 01:23:52 +0000 (UTC)
From: cemkayali@eticaret.com.tr
Reply-To: cemkayali@eticaret.com.tr
To: gnats-bugs@NetBSD.org
Subject: Veriexec generation with -d flag includes non-executable files by default.
X-Send-Pr-Version: www-1.0

>Number:         41669
>Category:       kern
>Synopsis:       Veriexec generation with -d flag includes non-executable files by default.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Jul 05 01:25:00 +0000 2009
>Closed-Date:    Fri Mar 31 06:47:57 +0000 2023
>Last-Modified:  Fri Mar 31 06:47:57 +0000 2023
>Originator:     Cem Kayali
>Release:        NetbSD 5 amd64
>Organization:
>Environment:
>Description:

Hello!

#!/bin/sh
veriexecgen -r -D \
-d /usr/pkg/bin \
-d /usr/pkg/sbin \
-d /usr/pkg/lib


It includes fingerprints for non-executable files too --- though no '-a' usage. Sample fingerprints:

/usr/pkg/lib/perl5/man/man1/perlfaq9.1 SHA256 136b51102b75379ced4fca30749d32a831b341af187b436cbf4a736447880667 file, indirect
/usr/pkg/lib/perl5/man/man1/perlfilter.1 SHA256 25cabc33282859c0e2de9df565164abc7942a1313200da5b2602a7e29520ddeb file, indirect
/usr/pkg/lib/perl5/man/man1/perlfork.1 SHA256 1eeef370fd08005253393f6a7ec727686378c8c9811286da9ea99cba4fbf2188 file, indirect
/usr/pkg/lib/perl5/man/man1/perlform.1 SHA256 374457ea9bcded64a3f98543dda5b8dfc1d84309f6512736604c2a986fb03942 file, indirect
/usr/pkg/lib/perl5/man/man1/perlfreebsd.1 SHA256 f646441728e2cbffce78d90512127ceaf854581654f375e6c1c5188606b7483b file, indirect


>How-To-Repeat:

Script is above. You need to have some softwares installed, ie; perl5.

>Fix:


>Release-Note:

>Audit-Trail:
From: Elad Efrat <elad@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc: agc@netbsd.org
Subject: Re: kern/41669: Veriexec generation with -d flag includes non-executable
 files by default.
Date: Sun, 05 Jul 2009 12:48:19 +0300

 This is a multi-part message in MIME format.
 --------------020008000401040901080705
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 Content-Transfer-Encoding: 7bit

 cemkayali@eticaret.com.tr wrote:
 >> Number:         41669
 >> Category:       kern
 >> Synopsis:       Veriexec generation with -d flag includes non-executable files by default.
 >> Confidential:   no
 >> Severity:       serious
 >> Priority:       medium
 >> Responsible:    kern-bug-people
 >> State:          open
 >> Class:          change-request
 >> Submitter-Id:   net
 >> Arrival-Date:   Sun Jul 05 01:25:00 +0000 2009
 >> Originator:     Cem Kayali
 >> Release:        NetbSD 5 amd64
 >> Organization:
 >> Environment:
 >> Description:
 > 
 > Hello!
 > 
 > #!/bin/sh
 > veriexecgen -r -D \
 > -d /usr/pkg/bin \
 > -d /usr/pkg/sbin \
 > -d /usr/pkg/lib
 > 
 > 
 > It includes fingerprints for non-executable files too --- though no '-a' usage. Sample fingerprints:
 > 
 > /usr/pkg/lib/perl5/man/man1/perlfaq9.1 SHA256 136b51102b75379ced4fca30749d32a831b341af187b436cbf4a736447880667 file, indirect
 > /usr/pkg/lib/perl5/man/man1/perlfilter.1 SHA256 25cabc33282859c0e2de9df565164abc7942a1313200da5b2602a7e29520ddeb file, indirect
 > /usr/pkg/lib/perl5/man/man1/perlfork.1 SHA256 1eeef370fd08005253393f6a7ec727686378c8c9811286da9ea99cba4fbf2188 file, indirect
 > /usr/pkg/lib/perl5/man/man1/perlform.1 SHA256 374457ea9bcded64a3f98543dda5b8dfc1d84309f6512736604c2a986fb03942 file, indirect
 > /usr/pkg/lib/perl5/man/man1/perlfreebsd.1 SHA256 f646441728e2cbffce78d90512127ceaf854581654f375e6c1c5188606b7483b file, indirect

 A quick look suggests that the attached diff addresses the issue -- I'm
 not sure why we need to care about "scan_system_dirs" in that case. Does
 it look okay to you, Al?

 Thanks,

 -e.

 --------------020008000401040901080705
 Content-Type: text/plain;
  name="veriexecgen.c.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="veriexecgen.c.diff"

 Index: veriexecgen.c
 ===================================================================
 RCS file: /usr/cvs/src/usr.sbin/veriexecgen/veriexecgen.c,v
 retrieving revision 1.16
 diff -u -p -r1.16 veriexecgen.c
 --- veriexecgen.c	29 Apr 2008 06:53:04 -0000	1.16
 +++ veriexecgen.c	4 Jul 2009 16:06:54 -0000
 @@ -214,7 +214,7 @@ add_new_entry(veriexecgen_t *vp, FTSENT 
  	} else
  		sb = *file->fts_statp;

 -	if (!vp->all_files && !vp->scan_system_dirs && !IS_EXEC(sb.st_mode))
 +	if (!vp->all_files && !IS_EXEC(sb.st_mode))
  		return;

  	e = ecalloc(1UL, sizeof(*e));

 --------------020008000401040901080705--

Responsible-Changed-From-To: kern-bug-people->sevan
Responsible-Changed-By: sevan@NetBSD.org
Responsible-Changed-When: Tue, 23 Apr 2019 18:25:17 +0000
Responsible-Changed-Why:
take


State-Changed-From-To: open->needs-pullups
State-Changed-By: sevan@NetBSD.org
State-Changed-When: Tue, 23 Apr 2019 22:39:13 +0000
State-Changed-Why:
Committed a fix to -HEAD


From: "Sevan Janiyan" <sevan@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/41669 CVS commit: src/usr.sbin/veriexecgen
Date: Tue, 23 Apr 2019 22:35:42 +0000

 Module Name:	src
 Committed By:	sevan
 Date:		Tue Apr 23 22:35:42 UTC 2019

 Modified Files:
 	src/usr.sbin/veriexecgen: veriexecgen.c

 Log Message:
 Omit files not marked executable from the signature database by default.

 Closes PR kern/41669
 Reviewed by <agc>


 To generate a diff of this commit:
 cvs rdiff -u -r1.18 -r1.19 src/usr.sbin/veriexecgen/veriexecgen.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Responsible-Changed-From-To: sevan->kern-bug-people
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Mon, 13 Jul 2020 20:11:19 +0000
Responsible-Changed-Why:
Reset to role account


State-Changed-From-To: needs-pullups->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Fri, 31 Mar 2023 06:47:57 +0000
State-Changed-Why:
netbsd-5 is EOL, pullups no longer needed


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2023 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.