Veriexec

Stephen Kiernan hackagadget at gmail.com
Fri Jul 6 20:09:09 UTC 2018


On Thu, Jul 5, 2018 at 2:06 PM, Conrad Meyer <cem at freebsd.org> wrote:

> On Thu, Jul 5, 2018 at 10:48 AM, Stephen J. Kiernan <stevek at freebsd.org>
> wrote:
> > On Tue, Jul 3, 2018 at 7:09 PM, Conrad Meyer <cem at freebsd.org> wrote:
> >>
> >> Hi,
> >>
> >> It's been two weeks since this went in broken.  What's the status?
> >> Has any progress been made on fixing the glaring issues?
> >
> > The backout commits for the veriexecctl bits (r335681) and the hooks
> > into the build to compile the kernel modules (r335682) happened on
> > 26 Jun 2018.
>
> I'm familiar with these commits, but was asking more about the topic
> you glanced on below.  (Additionally, I don't really like the use of
> "revert" (as used in the commit message) or "backout" (here) to
> describe the kernel changes.  The bad code is still present, but
> disabled by default.)
>

What would you prefer? It helps to provide an alternative if you wish to
see someone potentially use it in the future. You simply stated you didn't
like the use without providing an alternative.

Note that the commit message for r335682 says "Partial revert of
r335399 <https://svnweb.freebsd.org/base?view=revision&revision=335399> and
r335400 <https://svnweb.freebsd.org/base?view=revision&revision=335400>"
which is exactly what it is. It wasn't a full revert of the commits, it
was only partially reverting them.

> > There's work in progress on fixing the issues with the meta-data store
> > and its use.
>
> Ok.  Can you elaborate on that progress?  Is it happening in public?
> Is there any kind of (loose) schedule in mind?
>

My goal was to have something by the beginning of next week, but
work and life got too busy to be able to make much headway. Work
has been around clocks in VMs, specifically with FreeBSD running
under KVM. I'm resurrecting brianv's https://reviews.freebsd.org/D1435
review, with modifications, and have been in discussions with him since
last week.

As for the veriexec changes, I will be posting them as they are available
to the following branch on GitHub:
https://github.com/hackagadget/freebsd/tree/hackagadget/veriexec
(Note this branch is currently out of date.)

So right now my tentative schedule is to have a first cut available for
people to look at around 23 Jul 2018. Also, I want to put up a design
overview on my website once I get all the maintenance done this
weekend.

-Steve


More information about the freebsd-arch mailing list