Kernel Level File Integrity Checker report #8
Efstratios Karatzas
gpf.kira at gmail.com
Tue Jul 17 14:07:49 UTC 2012
During week #8:
* clean up the codebase
* midterm eval
* checksums are now produced in kernel land during VOP_READ() and checked
against the ones from .pefs.checksum. If they don't match, we deny reading
access to that vnode.
Next tasks on the TODO list:
* research/implement signing .pefs.checksum and verifying that signature
during `/sbin/pefs verify` as well as during VFS_MOUNT().
* require that immutable flags are set for all files that require integrity
checking. this should be checked both by /sbin/pefs and in kernel when a
vnode is looked up in index tables to see if it requires integrity
checking. Also, add an option to `/sbin/pefs addchecksum` to set immutable
flags for all files in input list, in case they are not already set.
--
Efstratios "GPF" Karatzas
More information about the soc-status
mailing list