Veriexec

Veriexec

Veriexec is a file-signing scheme for the NetBSD operating system.

It introduces a special device node (/dev/veriexec) through which a signature list can be loaded into the kernel. The list contains file paths, together with hashes and an expected file type ("DIRECT" for executables, "INDIRECT" for scripts and "FILE" for shared libraries and regular files). The kernel then verifies the contents of the signed files against their hashes just before they are opened in an exec() or open() system call.

When Veriexec is enabled at level 0, the kernel will simply warn about signature mismatches. At level 1, it will prevent access to mismatched files. At level 2, it prevents signed files from being overwritten or deleted. At the highest, level 3, the kernel will not allow unsigned files to be accessed at all.

References

* Lymn, Brett (2003). " [http://www.users.on.net/~blymn/veriexec/ NetBSD Verified Executables] ." Retrieved August 18, 2005.
* " [http://www.netbsd.org/guide/en/chap-veriexec.html The NetBSD Veriexec subsystem] ." "The NetBSD Guide." Retrieved August 16, 2005.


Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • NetBSD — Company / developer The NetBSD Foundation OS family Unix like Working state Current So …   Wikipedia

  • Wikiproyecto:Software libre y de código abierto — Bienvenid@s al Wikiproyecto Software Libre y de Código Abierto …   Wikipedia Español

  • Comparison of operating systems — Usage share of web client operating systems. (Source: Median values from Usage share of operating systems for August 2011.)   Windows XP (35.21%) …   Wikipedia

  • Comparison of BSD operating systems — There are a number of Unix like operating systems based on or descended from the Berkeley Software Distribution (BSD) series of Unix variants. The three most notable descendants in current use are FreeBSD, OpenBSD, and NetBSD, which are all… …   Wikipedia

  • Comparison of open source operating systems — These tables compare the various free software / open source operating systems. Where not all of the non EOL versions support a feature, the first version which support it is listed. Contents 1 General information 2 Supported architectures 3… …   Wikipedia

  • Vergleich von BSD-Betriebssystemen — Dieser Artikel oder Abschnitt bedarf einer Überarbeitung. Näheres ist auf der Diskussionsseite angegeben. Hilf mit, ihn zu verbessern, und entferne anschließend diese Markierung. Es gibt eine große Anzahl UNIX ähnlicher Betriebssysteme, die auf… …   Deutsch Wikipedia

  • NetBSD — Разработчик The NetBSD Project Семейство ОС BSD UNIX Последняя версия …   Википедия

  • IPFilter — Тип Межсетевой экран Разработчик Даррен Рид Операционная система BSD, Linux, Solaris, AIX Последняя версия 5.1.0 (9 мая 2010) Лицензия ipfilter License Сайт …   Википедия

  • NPF (firewall) — NPF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to iptables, ipfw, ipfilter and PF. NPF is developed on NetBSD. History NPF was primarily written by Mindaugas Rasiukevicius. Work on NPF… …   Wikipedia

  • Vergleich der BSD-Betriebssysteme — Dies ist eine Liste, in der BSD Betriebssysteme aufgrund ihrer Herkunft und Fokus des jeweiligen Projektes, der Lizenz, den technischen Eigenschaften und Sicherheitsfunktionen miteinander verglichen werden. Inhaltsverzeichnis 1 Allgemeine… …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”