NetBSD Problem Report #41669
From www@NetBSD.org Sun Jul 5 01:23:52 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 72FDE63B913
for <gnats-bugs@gnats.netbsd.org>; Sun, 5 Jul 2009 01:23:52 +0000 (UTC)
Message-Id: <20090705012352.3593B63B883@www.NetBSD.org>
Date: Sun, 5 Jul 2009 01:23:52 +0000 (UTC)
From: cemkayali@eticaret.com.tr
Reply-To: cemkayali@eticaret.com.tr
To: gnats-bugs@NetBSD.org
Subject: Veriexec generation with -d flag includes non-executable files by default.
X-Send-Pr-Version: www-1.0
>Number: 41669
>Category: kern
>Synopsis: Veriexec generation with -d flag includes non-executable files by default.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sun Jul 05 01:25:00 +0000 2009
>Closed-Date: Fri Mar 31 06:47:57 +0000 2023
>Last-Modified: Fri Mar 31 06:47:57 +0000 2023
>Originator: Cem Kayali
>Release: NetbSD 5 amd64
>Organization:
>Environment:
>Description:
Hello!
#!/bin/sh
veriexecgen -r -D \
-d /usr/pkg/bin \
-d /usr/pkg/sbin \
-d /usr/pkg/lib
It includes fingerprints for non-executable files too --- though no '-a' usage. Sample fingerprints:
/usr/pkg/lib/perl5/man/man1/perlfaq9.1 SHA256 136b51102b75379ced4fca30749d32a831b341af187b436cbf4a736447880667 file, indirect
/usr/pkg/lib/perl5/man/man1/perlfilter.1 SHA256 25cabc33282859c0e2de9df565164abc7942a1313200da5b2602a7e29520ddeb file, indirect
/usr/pkg/lib/perl5/man/man1/perlfork.1 SHA256 1eeef370fd08005253393f6a7ec727686378c8c9811286da9ea99cba4fbf2188 file, indirect
/usr/pkg/lib/perl5/man/man1/perlform.1 SHA256 374457ea9bcded64a3f98543dda5b8dfc1d84309f6512736604c2a986fb03942 file, indirect
/usr/pkg/lib/perl5/man/man1/perlfreebsd.1 SHA256 f646441728e2cbffce78d90512127ceaf854581654f375e6c1c5188606b7483b file, indirect
>How-To-Repeat:
Script is above. You need to have some softwares installed, ie; perl5.
>Fix:
>Release-Note:
>Audit-Trail:
From: Elad Efrat <elad@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc: agc@netbsd.org
Subject: Re: kern/41669: Veriexec generation with -d flag includes non-executable
files by default.
Date: Sun, 05 Jul 2009 12:48:19 +0300
This is a multi-part message in MIME format.
--------------020008000401040901080705
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
cemkayali@eticaret.com.tr wrote:
>> Number: 41669
>> Category: kern
>> Synopsis: Veriexec generation with -d flag includes non-executable files by default.
>> Confidential: no
>> Severity: serious
>> Priority: medium
>> Responsible: kern-bug-people
>> State: open
>> Class: change-request
>> Submitter-Id: net
>> Arrival-Date: Sun Jul 05 01:25:00 +0000 2009
>> Originator: Cem Kayali
>> Release: NetbSD 5 amd64
>> Organization:
>> Environment:
>> Description:
>
> Hello!
>
> #!/bin/sh
> veriexecgen -r -D \
> -d /usr/pkg/bin \
> -d /usr/pkg/sbin \
> -d /usr/pkg/lib
>
>
> It includes fingerprints for non-executable files too --- though no '-a' usage. Sample fingerprints:
>
> /usr/pkg/lib/perl5/man/man1/perlfaq9.1 SHA256 136b51102b75379ced4fca30749d32a831b341af187b436cbf4a736447880667 file, indirect
> /usr/pkg/lib/perl5/man/man1/perlfilter.1 SHA256 25cabc33282859c0e2de9df565164abc7942a1313200da5b2602a7e29520ddeb file, indirect
> /usr/pkg/lib/perl5/man/man1/perlfork.1 SHA256 1eeef370fd08005253393f6a7ec727686378c8c9811286da9ea99cba4fbf2188 file, indirect
> /usr/pkg/lib/perl5/man/man1/perlform.1 SHA256 374457ea9bcded64a3f98543dda5b8dfc1d84309f6512736604c2a986fb03942 file, indirect
> /usr/pkg/lib/perl5/man/man1/perlfreebsd.1 SHA256 f646441728e2cbffce78d90512127ceaf854581654f375e6c1c5188606b7483b file, indirect
A quick look suggests that the attached diff addresses the issue -- I'm
not sure why we need to care about "scan_system_dirs" in that case. Does
it look okay to you, Al?
Thanks,
-e.
--------------020008000401040901080705
Content-Type: text/plain;
name="veriexecgen.c.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="veriexecgen.c.diff"
Index: veriexecgen.c
===================================================================
RCS file: /usr/cvs/src/usr.sbin/veriexecgen/veriexecgen.c,v
retrieving revision 1.16
diff -u -p -r1.16 veriexecgen.c
--- veriexecgen.c 29 Apr 2008 06:53:04 -0000 1.16
+++ veriexecgen.c 4 Jul 2009 16:06:54 -0000
@@ -214,7 +214,7 @@ add_new_entry(veriexecgen_t *vp, FTSENT
} else
sb = *file->fts_statp;
- if (!vp->all_files && !vp->scan_system_dirs && !IS_EXEC(sb.st_mode))
+ if (!vp->all_files && !IS_EXEC(sb.st_mode))
return;
e = ecalloc(1UL, sizeof(*e));
--------------020008000401040901080705--
Responsible-Changed-From-To: kern-bug-people->sevan
Responsible-Changed-By: sevan@NetBSD.org
Responsible-Changed-When: Tue, 23 Apr 2019 18:25:17 +0000
Responsible-Changed-Why:
take
State-Changed-From-To: open->needs-pullups
State-Changed-By: sevan@NetBSD.org
State-Changed-When: Tue, 23 Apr 2019 22:39:13 +0000
State-Changed-Why:
Committed a fix to -HEAD
From: "Sevan Janiyan" <sevan@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/41669 CVS commit: src/usr.sbin/veriexecgen
Date: Tue, 23 Apr 2019 22:35:42 +0000
Module Name: src
Committed By: sevan
Date: Tue Apr 23 22:35:42 UTC 2019
Modified Files:
src/usr.sbin/veriexecgen: veriexecgen.c
Log Message:
Omit files not marked executable from the signature database by default.
Closes PR kern/41669
Reviewed by <agc>
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/usr.sbin/veriexecgen/veriexecgen.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Responsible-Changed-From-To: sevan->kern-bug-people
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Mon, 13 Jul 2020 20:11:19 +0000
Responsible-Changed-Why:
Reset to role account
State-Changed-From-To: needs-pullups->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Fri, 31 Mar 2023 06:47:57 +0000
State-Changed-Why:
netbsd-5 is EOL, pullups no longer needed
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2023
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.