NetBSD Problem Report #52908

From www@NetBSD.org  Sun Jan  7 21:52:49 2018
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 1AFFC7A16F
	for <gnats-bugs@gnats.NetBSD.org>; Sun,  7 Jan 2018 21:52:49 +0000 (UTC)
Message-Id: <20180107215241.B0B857A21A@mollari.NetBSD.org>
Date: Sun,  7 Jan 2018 21:52:41 +0000 (UTC)
From: venture37@geeklan.co.uk
Reply-To: venture37@geeklan.co.uk
To: gnats-bugs@NetBSD.org
Subject: Enable veriexec support by default in GENERIC kernel
X-Send-Pr-Version: www-1.0

>Number:         52908
>Category:       port-powerpc
>Synopsis:       Enable veriexec support by default in GENERIC kernel
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    sevan
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 07 21:55:00 +0000 2018
>Closed-Date:    Wed Jan 17 13:53:24 +0000 2018
>Last-Modified:  Wed Jan 17 13:53:24 +0000 2018
>Originator:     Sevan Janiyan
>Release:        NetBSD-HEAD
>Organization:
>Environment:
NetBSD 8.0_BETA macppc powerpc
>Description:
Attached patch adds the FILEASSOC option to the GENERIC kernel and enables veriexec support.
veriexec(4) is updated to note macppc also includes support by default. 
>How-To-Repeat:

>Fix:
Index: sys/arch/macppc/conf/GENERIC
===================================================================
RCS file: /cvsroot/src/sys/arch/macppc/conf/GENERIC,v
retrieving revision 1.337
diff -u -r1.337 GENERIC
--- sys/arch/macppc/conf/GENERIC	27 Dec 2017 18:30:02 -0000	1.337
+++ sys/arch/macppc/conf/GENERIC	7 Jan 2018 21:25:21 -0000
@@ -650,17 +650,19 @@
 # userland interface to drivers, including autoconf and properties retrieval
 pseudo-device   drvctl

+options 	FILEASSOC		# fileassoc(9) - needed by Veriexec
+
 # Veriexec
 #
 # a pseudo device needed for veriexec
-#pseudo-device	veriexec
+pseudo-device	veriexec
 #
 # Uncomment the fingerprint methods below that are desired. Note that
 # removing fingerprint methods will have almost no impact on the kernel
 # code size.
 #
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+options VERIFIED_EXEC_FP_SHA256
+options VERIFIED_EXEC_FP_SHA384
+options VERIFIED_EXEC_FP_SHA512

 #options PAX_MPROTECT=0			# PaX mprotect(2) restrictions
Index: share/man/man4/veriexec.4
===================================================================
RCS file: /cvsroot/src/share/man/man4/veriexec.4,v
retrieving revision 1.25
diff -u -r1.25 veriexec.4
--- share/man/man4/veriexec.4	30 Aug 2017 05:47:24 -0000	1.25
+++ share/man/man4/veriexec.4	7 Jan 2018 21:25:23 -0000
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd August 30, 2017
+.Dd January 07, 2018
 .Dt VERIEXEC 4
 .Os
 .Sh NAME
@@ -153,7 +153,7 @@
 .Sh NOTES
 .Nm
 is part of the default configuration on the following architectures: amd64,
-i386, prep, sparc64.
+i386, macppc, prep, sparc64.
 .Sh AUTHORS
 .An Brett Lymn Aq Mt blymn@NetBSD.org
 .An Elad Efrat Aq Mt elad@NetBSD.org

>Release-Note:

>Audit-Trail:
From: "Sevan Janiyan" <sevan@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/52908 CVS commit: src
Date: Wed, 17 Jan 2018 12:41:48 +0000

 Module Name:	src
 Committed By:	sevan
 Date:		Wed Jan 17 12:41:48 UTC 2018

 Modified Files:
 	src/share/man/man4: veriexec.4
 	src/sys/arch/macppc/conf: GENERIC

 Log Message:
 Enable veriexec(4) support by default on the macppc port and update the manual to mention it.

 Closes PR port-powerpc/52908


 To generate a diff of this commit:
 cvs rdiff -u -r1.25 -r1.26 src/share/man/man4/veriexec.4
 cvs rdiff -u -r1.337 -r1.338 src/sys/arch/macppc/conf/GENERIC

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Responsible-Changed-From-To: port-powerpc-maintainer->sevan
Responsible-Changed-By: sevan@NetBSD.org
Responsible-Changed-When: Wed, 17 Jan 2018 13:53:24 +0000
Responsible-Changed-Why:
Committed 


State-Changed-From-To: open->closed
State-Changed-By: sevan@NetBSD.org
State-Changed-When: Wed, 17 Jan 2018 13:53:24 +0000
State-Changed-Why:
Comitted


>Unformatted:

Home	PR Database Search