VERIEXEC(4) | Device Drivers Manual | VERIEXEC(4) |
veriexec
—
pseudo-device veriexec
The veriexec pseudo-device is used to load and delete entries to and from the in-kernel Veriexec databases, as well as query information about them. It can also be used to dump the entire database.
VERIEXEC_LOAD
The dictionary passed contains the following elements:
Name | Type | Purpose |
file | string | filename for this entry |
entry-type | uint8 | entry type (see below) |
fp-type | string | fingerprint hashing algorithm |
fp | data | the fingerprint |
keep-filename | bool | whether or not to retain the entry's filename |
“entry-type” can be one or more (binary-OR'd) of the following:
Type | Effect |
VERIEXEC_DIRECT | can execute directly |
VERIEXEC_INDIRECT | can execute indirectly (interpreter, mmap(2)) |
VERIEXEC_FILE | can be opened |
VERIEXEC_UNTRUSTED | located on untrusted storage |
VERIEXEC_DELETE
The dictionary passed contains the following elements:
Name | Type | Purpose |
file | string | filename or mount-point |
VERIEXEC_DUMP
Only files for which the filename was kept will be dumped. The returned array contains dictionaries with the following elements:
Name | Type | Purpose |
file | string | filename |
fp-type | string | fingerprint hashing algorithm |
fp | data | the fingerprint |
entry-type | uint8 | entry type (see above) |
VERIEXEC_FLUSH
This command has no parameters.
VERIEXEC_QUERY
The dictionary passed contains the following elements:
Name | Type | Purpose |
file | string | filename |
The dictionary returned contains the following elements:
Name | Type | Purpose |
entry-type | uint8 | entry type (see above) |
status | uint8 | entry status |
fp-type | string | fingerprint hashing algorithm |
fp | data | the fingerprint |
“status” can be one of the following:
Status | Meaning |
FINGERPRINT_NOTEVAL | not evaluated |
FINGERPRINT_VALID | fingerprint match |
FINGERPRINT_MISMATCH | fingerprint mismatch |
Note that the requests VERIEXEC_LOAD, VERIEXEC_DELETE, and VERIEXEC_FLUSH are not permitted once the strict level has been raised past 0.
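The following is an added example, not part of the original manual page or of NetBSD's own code: it issues VERIEXEC_QUERY for one file and decides from the returned "entry-type" and "status" elements whether the entry is acceptable. The device path /dev/veriexec, the proplib calls, the helper names entry_ok() and query_file(), the policy they apply, and the numeric stand-in values used when building off NetBSD are assumptions not stated on this page.

```c
/* Added example. On NetBSD build with: cc query.c -lprop */
#include <stdint.h>
#include <stddef.h>
#ifdef __NetBSD__
#include <sys/ioctl.h>
#include <sys/verified_exec.h>  /* VERIEXEC_QUERY, VERIEXEC_*, FINGERPRINT_* */
#include <prop/proplib.h>
#include <fcntl.h>
#include <unistd.h>
#else
/* Stand-ins so the decision logic builds elsewhere; values are assumptions. */
#define VERIEXEC_DIRECT    0x01
#define VERIEXEC_UNTRUSTED 0x10
#define FINGERPRINT_VALID  1
#endif

/* Hypothetical policy helper: accept only an entry whose fingerprint was
 * evaluated and matched, that carries every bit in `need`, and that is not
 * flagged as located on untrusted storage (a choice made by this example). */
int entry_ok(uint8_t entry_type, uint8_t status, uint8_t need)
{
	if (status != FINGERPRINT_VALID)
		return 0;	/* not evaluated, or fingerprint mismatch */
	if (entry_type & VERIEXEC_UNTRUSTED)
		return 0;
	return (entry_type & need) == need;
}

#ifdef __NetBSD__
/* Returns 1 if `path` passes entry_ok(), 0 if not, -1 on error or no entry. */
int query_file(const char *path, uint8_t need)
{
	prop_dictionary_t req, rep = NULL;
	uint8_t type = 0, status = 0;
	int fd, rv = -1;

	fd = open("/dev/veriexec", O_RDONLY);	/* assumed device path */
	req = prop_dictionary_create();
	if (fd != -1 && req != NULL &&
	    prop_dictionary_set_cstring(req, "file", path) &&
	    prop_dictionary_sendrecv_ioctl(req, fd, VERIEXEC_QUERY, &rep) == 0 &&
	    prop_dictionary_get_uint8(rep, "entry-type", &type) &&
	    prop_dictionary_get_uint8(rep, "status", &status))
		rv = entry_ok(type, status, need);
	if (rep != NULL) prop_object_release(rep);
	if (req != NULL) prop_object_release(req);
	if (fd != -1) close(fd);
	return rv;
}
#endif
```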
veriexec is part of the default configuration on the following architectures: amd64, i386, macppc, prep, sparc64.
January 17, 2018 | NetBSD 9.4 |