FreeBSD trusted execution system: beta testers wanted
Peter Jeremy
PeterJeremy at optushome.com.au
Sat Mar 12 15:06:26 PST 2005
On Fri, 2005-Mar-11 15:29:51 +0000, Christian S.J. Peron wrote:
>I have written a trusted execution module and would appreciate if anyone could
>help in testing. This module provides a functionality similar to NetBSD's
>verified exec mechanism. Once the design details of this security policy have
>been solidified, I will be releasing a white paper which describes the
>technical implementation in greater detail.
Sounds good.
> Download, build and install the mac_chkexec kernel module:
>
> fetch http://people.freebsd.org/~csjp/mac/mac_chkexec.1110510616.tar.gz
> tar zxvf mac_chkexec.1110510616.tar.gz
> cd mac_chkexec
> make
> make install
Unfortunately, the existing file is incompatible with the "standard" kernel
building process. The instructions above seem to work but since it's a
separate step from buildkernel/installkernel, I'm sure to forget it at some
time. If I unpack it into /sys/modules and add "SUBDIR += mac_chkexec" to
/sys/modules/Makefile - it blows up with:
===> mac_chkexec
@ -> /usr/src/sys
machine -> /usr/src/sys/i386/include
awk -f @/tools/vnode_if.awk @/kern/vnode_if.src -h
rm -f .depend
mkdep -f .depend -a -nostdinc -I/usr/src/sys/crypto -D_KERNEL -DKLD_MODULE -I- -I/usr/src/sys/crypto -I. -I@ -I@/contrib/altq -I@/../include -I/usr/obj/usr/src/i386/usr/include -I/usr/obj/usr/src/sys/fwall /usr/src/sys/crypto//sha1.c /usr/src/sys/modules/mac_chkexec/mac_chkexec.c
/usr/src/sys/modules/mac_chkexec/mac_chkexec.c:61:25: mac_chkexec.h: No such file or directory
mkdep: compile failed
*** Error code 1
I also notice that the Makefile has /usr/src/sys hard-coded into it.
Can I suggest the following patch:
server# diff -u Makefile~ Makefile
--- Makefile~ Fri Mar 11 14:09:20 2005
+++ Makefile Sun Mar 13 09:56:42 2005
@@ -1,5 +1,5 @@
-.PATH: /usr/src/sys/crypto/
-CFLAGS+= -I/usr/src/sys/crypto
+.PATH: ${.CURDIR}/../../crypto
+CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../../crypto
KMOD= mac_chkexec
SRCS= vnode_if.h \
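Review bot: the relative path `${.CURDIR}/../../crypto` on the new `.PATH:` and `CFLAGS+=` lines only resolves when the module directory sits two levels below the kernel source root, as it does in /sys/modules/mac_chkexec. A stand-alone build from the unpacked tarball, as in the original instructions, would no longer find sha1.c or the crypto headers. Consider taking the source root from an overridable variable that falls back to the relative path, so both the in-tree and the stand-alone build keep working. The added `-I${.CURDIR}` appears to be what addresses the mac_chkexec.h error in the build log, and a one-line comment in the Makefile saying so would help.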
server#
--
Peter Jeremy