An Introduction to Verifiedexec in NetBSD

Video in TIB AV-Portal: An Introduction to Verifiedexec in NetBSD

Formal Metadata

An Introduction to Verifiedexec in NetBSD
Title of Series
CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license.
Release Date

Content Metadata

Subject Area
The verifiedexec feature has been part of NetBSD for some years now. It seems that a lot of people are unaware of the feature or do not know the full capabilities of verifiedexec. This talk will introduce the feature, what it can do and also what it could be capable of with some kernel changes. The verified execution feature is a unique extension to the NetBSD kernel that allows an administrator to ensure the binaries and files that are being accessed have not been modified by comparing the fingerprint of the on-disk file with a "known good" copy of the fingerprint kept in kernel memory. This allows very fine-grained control over what will be executed on the machine, even by root, and can provide assurance that files have not been modified. In this talk I will go over some of the history of verified execution, how it works and what it can do, then finally move on to the next steps I want to take in the development of veriexec. Verified execution has been in NetBSD for a long time but it seems to be a feature that is not widely known about; hopefully this talk can raise its profile somewhat.
work everyone is here on Monday instrument on it just a quick about her findings exact crowd interaction 1st of all there is the crowd this is the 2nd 1 is is that it is the students up on that we shall do not yet we had is I'm sorry yeah that's that's right sorry I of untold I do have an accent so you if I to cite something that you don't quite understand just wife prime speaking Spiegel Clarke clearly pointed out I said who'd his actually heard of the state but not good I be verified Exec not it is actually used I hope right so that's good so I I don't have a some jobless if we perceive and then some other people to to use it or not 1st brought would just
start off from get a bit of a history about where where this came from and with Alienware where it is now where we where thy God with it might be the whole idea came about last century but last millennium so it cancels impressive and I was just so reading the Bugtraq mailing list at the time they had a lot of traffic about trojan horses really is being hijacked rootkits being installed on machines that was Start of started with so I guess as that when new ideas that is certainly where this stuff to become more prevalent and this is just what Western thinking what why should the kernel run any random at the software that's wrong but seems to me every cooperative and those EU-wide into you really control walk was happening on shame and it's a start thinking will why is this wine do we allow this to happen should can we stop and we just assume that if somebody's root and now you cannot stop it but not missions of things to from what I like need mechanism for actually trying to stop people from from doing this that's basically where the where the idea came from but
just thinking about how through that how can you actually identify a file that you want to to be running or reading how do you know that this is 1 that that has been modified or 1 you know nothing about so I will start thinking about this in I will need to have I was files something about a file that you can you can tell what whether the whether the file is being modified or whether it's something it doesn't know that the 1st idea was when it is something list of fingerprints in in the kernel to to actually help identify what did it should know about it didn't know about when the then when that file is accessed fingerprint could be evaluated on the on the on this file now could be compared with the in-kernel list and if the 2 match their in beginning a common that has been modified as 1 that we know about and we can be confident that is something that we want to write what sector want to read search I did the initial 1 copy of this kind of this idea after after much head-scratching among bombing or something that that actually works and the obvious problem then we've got here is that it was like I did diary comparison of running external field without the modification with modifications on Boston Times slot the big performance it was not really surprising because but only reading that the entire file all the time to cite that you value right the the fingerprint evidence exact wasn't files right and the others that's the thing that we will use to that demand paging so that put us back to the good old System V days when you would run upon it would sack goal memory and being stopped from the way it used rather than the the more modern way of just bring in height is as good as or chloride and so that had a the impact on their on performance as well as and his fairly fairly negative such 1 of I did to actually mitigate that it was once the what's files being read you think it has been evaluated you knock that off to go off in the in the list sighing yeah we've looked 
that file what's and I'm for some provisos on that we don't need to check that file again because with checkered knots good next conference we could actually we can just actually wrong that run thing knowing that we've we've gone through the checks which means that the problems with the with the performance with your page if demand paging and also having to do the evaluation goes goes down and with due mutation we've got performance and impact of 5 say and which wasn't too bad and especially given the reflect the implementation just to study single list linear list of fingerprints and we just searched through there every time looking looking for which was it's sucky but it was so simple and it worked side that's that was what I like it initially the brought leave
they'd with the problem with the caching this gives us an immediate problem the controller storage I was so then somebody can actually got you behind the kernel's back modify the storage then request that that file be executed toughness object that already as fun butterfly and or interview you just bypassed the the whole idea of the verified exec that we just hands no idea if the file's been modified not really a problem we use storage the kernel has direct access to sorry all your direct-attached disk fine because kernels kernel knows about that is if file's been modified so actually what what so far but it's a cool dude if at some was and it will actually just the clear the cached but check this fall is follow this modified at some labels sorry if at night and you know actually force a re-evaluation if fungus modified It's problem for NFS because you can actually control the that so people can overwrite files so so said not to students SIAM extinct but if the said administrator allows storage the axis part of machine and somebody's determined enough the bike and they can actually more qualified so I that was a problem they're all talk about some approach to fixing that lies but at the same time just decided that the boundary of trust verified it's it was just the the the the case of machine you got you have had on fire and find it so as all what were assigned to not signing Yashin years so what you yes it does the actual words the hashes get hours on the but get loaded into the kernel at the top alien but time how many of you they file paths this has yet there is saying you know this I all that associates of dice fruitless in in in the wall but bicycling you the the what which is you have a great habit I fall there that has the file path name the the hash for the for 3 for the file some flags and and other bits that of administrivia for for verified exec that it's what it means is into the kernel when it when it is slide into kernel the file path gets resolved 
to the to the actual this far phone number on the on storage so and what the the hence let me get on with that that's that's a very good question and so this sort of a believe I have an answer for you on that much later and in presentation of death that was there that of 1 this is this a fixed this problem on that light up when back most of they might was 7 that I think I just knocked if what yeah that's that's like as the set where we would get a recording and the guys work be disappointed about I can as I said before I edited initial implementation of this sent us cost process would work eventually the 1 the 1 of the things that I did pick up during the aging the implementation was that the current path for for executing a binary and 1 that's executing a shell script There's a difference what happens when you when you execute a a shell script is that the exec framework looks Jakes' a file this is a text file finds that finds it got very the hash bang /bin/sh whatever that there I guy that's my my shell script interpreter execs that and the the the the rest of the file into it which it was rather interesting and ending gave me the opportunity to to create a feature that's at I hadn't really thought about initially and something and something that all of the talk a bit more about the walls the code was finally committed to that is the tree late in 2002 and so it was at the at the time it was was basically functional as it went into the tree was there were people started helping out in like improvements to it and it's actually become a lot more refined than
it was in the in the initial 1 the kernel code had a lot of improvements as as I mentioned before the the original implementation with just a linear list which it didn't seem to have too much an impact but you cannot stand that it probably was the most efficient thing to do that with switched to using a hashed will so either the taps became a lot more efficient and we switched to using file generation numbers the original seizing on nights the inode number but that's very specific to you if if that's your 1st it wasn't really meant that you you couldn't really support the other file systems very well by using the the file generation number all file systems shot from interface and that or if the file generation numbers states to 1 of the other developers men that we could support all of our systems rather than rather than just I did more fingerprint hash functions Shelia was just MD5 just because that was what we had at the time and certainly when I was I was doing this there was nice to real mention of of hash collisions well not only I think that people worried but nobody had actually managed to work out how to how to produce a hash collisions sorry yeah having having more than just MD5 what's was a real lesson after after the people would I haven't had a generator and antique exclusion and the list of the of the hashes that we support later on type put into the kernel the ability to take out certain hash functions as a mention of the MD5 1 much a large people might not but some people may not like to have that in there it just because of the of the has hash collisions but I think that there's only FIPS 140 requirement that you don't have MD5 abilities yes it can be there but you can't use it this make sure that you can't use it because it takes it out of the kernel and so the other thing the are other improvement that we did was were they appears of use of unrelated structures originally when I say I did this so I I had I had 
a look inside the kernel and which in on notice that the vnode that it's stayed around for a long time even with that if files closed it the actual been does not get recycled for a quite while and sorry ritually what I thought was a really good idea was to actually just add IT next rift today but these verified exec to to keep track of with the the files speech it or not have moderate weather was actually had data fingerprints Association nothing and the unfortunate thing with that is that the size of the vnode structure which changed whether or not you had verified exec on which it was really a good idea sorry that got used or we will raise the those entries from the from of and created a a file associations service in such a such a kernel so did associate phone number if so actually random middle so you can which is what the verified exec uses now instead of instead of the the only way of using the vnode so that's gone back to have just been set size whether you've got verified exec on which my what people happy I think visually
when I when did the in order for the for the fingerprints it was it was just a write only option if it that that the fingerprints into the kernel and but the verified exec use them the tool that we use to do that veriexecctl now has the ability to read back by use those entries saw a few the idea is if you if you going along fixing things are to Canton do and some of that in some of the lower the strictness levels of the of the verified exec day in you sort of might be lost track of where you are you can such that the actual fingerprint list out of the kernel and say well this is this is my running set at the moment the white if you follow nines back that you will you should be I would actually work out what follows off and the cassette off it's not something I want to mention if that if they was if the files are hard linked together then you might have more powers to the side to cite actual physical fall and verified exec lady just were exempt from the phone number if the file number already is in the list and the hashes try the feeding match it will just ignored the gathering tree it's an error if he'd and had different hashes for hard linked files which shouldn't happen the society convenience that was Britain is just a shell script that trolls your your machine looking for likely files to put into the verified execs executables anything with that's got the exec bit or will be will be tagged will be added to the list was libraries business something that we mention before that this is where they it with René falls comes in is 1 a ship you want to make sure that you shared libraries are also tight not just the executable was not point just checking a skewed was archive somebody's gonna arrive 1 the libraries and bring in science and charge the right side be verified exec will actually check the shared libraries what any fallout breed the choose you act tell what to salary the 2 tool actually does looking for it for all the shared libraries a size 1 list eaten begin 
edge and on things in into their just Rentech's particle this where you know the the when when they see linker actually and does its work to do to get the get the the shared opens the file in the validation done to follow it the most yes kernels doing always validation this is this is 1 of the things that are always concerned about initially was there were people that we're looking at doing library shimming and trying to actually I did that tracks I by hiding normally for for most of th the for a for a normal rate but if there a history call Log recall was called in a certain way than the malicious code would get executed and follows concerned that making sure that there was nothing in USA level it's own current side that so that the by couldn't actually through those those sorts of shimming tricks so yes every time the shared library the dynamic linker unconcious shared library on on open if there if it's if it's at the followers in in the various exactly which still get checked not much it's I can't can't side of the problem and how much but it's don't vary of the the verified exec entries are only a few hundred bytes each is basically just stores phone number and and the hash so it's it's not very much much bodily still needs to be held for each file but I think it was only a few pages from the world yes yes for a for a large files the pay that you pay the penalty for for the for the 1st read through the file after that you if you if you watch that again then it'll it'll be fine it'll all those a skyscraper quickly yeah that's the sort of that you've got there current turn actually check the fall without reading all of it at 1 1 stage by writing about carriage and that all gets to the ideal of thought about but that actually I haven't had a control paging that's that's right so the damn track in the in the talk that's it is not something we do now but is something I'd like to do a cat and well so I grew a sysctl facility for controlling the there 
are very verified exec subsystems to yellow to put it into the different modes Italy II again I to hijacked the secure level and added a couple obscure levels to to do this this is a this a bit plane alive during and this bit nicer than than just upping secure level is it it should be more control over as well the sysctl also to tell you what fingerprint method so as ordered so you can actually see what a kernel will will allow you to life you have depends depends on the
on the strict level well get to object get to strict level that's this problem that next slide of operationally that have general that has a verified exec support component to it that's just a couple of couple of options in in the kernel rebuilt we the new rely as I as I mentioned before you can select the the fingerprint passion others that you you want to support it doesn't make too much size difference to the kernel with you would you have all although all fingerprint hash in there will lot as it was small for compliance assess it before the current of technical issues most of the big 1 at at charts which those I can't lorries sciences the current Tata hash methods we've got none of their RMD160 SHA256 SHA384 SHA512 SHA1 MD5 some loci or we don't want to use that they're they just the completion and I as I said before there said this it help us to live that that actually on your right to to run the run on the file system to be the to generate your file just a just give a kick-start you can you can edit that to suit or add more files into it that doesn't necessarily just have to be shared libraries all or you're ponderous you can you can put Rentech's false and then if you if you are invested configuration policy community it'll it'll check and we validate that that have been modified and then like those fingerprints using your veriexecctl and said strict level depending on what what you want to do it now there are various strict levels that you
can have of try suited to
mention I think I mentioned the strict levels bit later it's gone that we should
get there their a fingerprint file this is so answer question we have all this this got this Heisuke format you got the photo tasks type of far up fingerprint method natural fingerprint had depending on which which hash you eventually decided to use X and flags that determine the behavior of the of veriexec the flags you can have what does role it there are a whole bunch of them and if you see if you wanted to have a look at the man page for my so that we can get by direct indirect trusted and far out there they added by sequences some convenience ones that they're all wars of of these these basic ones that just just quickly the direct 1 there's I will
go through and through them in order than what's that what the flags mean untrusted which is 1 hour don't lock actually to be honest this tells veriexec that the this follows on HP's storage He's trust that can at high control over this is this is things like sand or does Novell rational things could every time so it novels decide they I think courage the idea is that I fully it's somebody has picked up the what use has modified the file the next 1 gets it will actually pick up the times for sure as complete solution DOS true y you know all that which is why I'm not happy about it that is best we can do minor follow it is just a thanks I should Labatt's configuration files so it's telling they're fighting 6 that I don't you expected to be running this file and in some some strict levels that that makes a difference site is something there that is just gonna be ready the right in years an executable this is something that you don't run from the command line what something like that it's going to be invoked to to actually run indirect is something that focus on in a little bit this is an executable actually my online can be shown and you can have multiple flags over comma-separated list that as I mentioned there are some convenience aliases this there are there are some things like if you if you shell script then you need to tell the exact file and it can be executed so be file and direct otherwise at some strict levels veriexec will actually do not the execution FIL
as some itself of we don't like him got you just go through been about the direct versus indirect because that is something that up entirely sure that everybody understands why it as I was saying earlier in the talk I did notice that way when I was looking at the exec kind that there was a difference between how how a script is handled and how a binary is executed and that code path difference made meant partly distinguish between a shell script and just normal binary but that gave me the chance of implementing this indirect and direct what does that do for us what that does for us is that we can actually have a shell interpreter on the machine something like Perl or whatever but you cannot run whole from the current 1 you can have a bunch of those scripts for doing administrative stuff want to to run I I Perl script the uniqueness IocaI sure here who your Perl scripts they're in verified exec so you know the not modified the person can run that that's script and as long as the script used recently well written thing UBI tied what I want the to do you say is a once the from the from the command line and actually the of the talk Red montant not an opinion poll that that's just just an obvious candidate and so you get the get the the ability to to give people scripting without giving a list the the actual scripting shell you can actually use this and of honest that's that's sort of sort of interesting you if you earth very x exports will just try and do a buffer overflow something in enforcing say it could be in such as an easy 1 to do it's it's a sort of classic technique for for trying to outrun go show on the thing what you can actually do it is not /bin/sh as being an indirect easily so you start to sweat we shall scripts the you let make a copy of /bin/sh if you if you use that as as the login shell like it's called something else some some other name that's that's hard guess it's a bit of its its security by obscurity but if the people don't have 
access to the machine in the in object not where that it's so you might that copy your login the volume execs initial have you guys when they try and when so many frost doing exploit this is exact it's been assigned for me the 46 it's is not it fun to a direct execution said just something a little known speed bump of people yes not you can't used by science unfortunately it's said is a system thing that would be sort of interesting to that what they a
of yes will certainly end
users were running the challenges of using the not not because that's that's allowed executable on the on the the on the on the computer side they got any light Bollettino di haven't you assuming that if if you like in lobbying without then there's no trust at some sort of level right yes this is this is
where we entered in the strict level once it once you've loaded up the verified exec once-flooded up the the fingerprints into into the kernel and then start setting what's called the strict level and essentially tells verified what you wanted to do it in certain circumstances stop it starts with 0 is your initial sprite allows a lesser fingerprints to be lighted in our uptight fingerprints I've like them and and a lot he complains about mismatches he complains about incorrect fall talk axis if you recall the slides back there was the fault heart which is the direct indirect that file flags by that have meaning to native verified say if at strict level 0 allow you to to run I binary that's been marked as a but it would complain about in the strict level who deny access to files with a fingerprint mismatches so at that point not you can't you can expect something more all read something that that doesn't have a valid thing of honor you have to write to the fingerprint files but what it will clear the clear the cached on that so the next time next false access to give you it will force a re-evaluation of that and if you fingerprint mismatches the still allow mismatch fall types there are a few other restrictions there detailed in the in the man page st certainly around around things like access to raw devices that strict level turned which is know would expect to be using this fact when you gone dot the intention is that you would be running at 0 and 1 just to get your fingerprinting chained up and once you sure you've covered everything the mission will operate you if got rid of all the errors gradients industry about saying which has all the all the previous restrictions box prevents the B the rights of fingerprint files so everything on the on the print it's automatically becomes redundant come come modified seed mutable the forces the file type restriction at that point you to come run a text file this it is just not this then you want don't run of all 
which is why I was mentioning the script, that it's a file and it's also a direct exec, that tells veriexec that this is a shell script, and there is actually a convenience variable the is automatically also as you again the site intersects with it. Number 3 I don't really expect anybody to seriously use, and actually has a little produce risk: you can't open new files, can't create new files. It's very, very, very restrictive. You might want to do this if you're really, really sure you've got something that's really hardened and ships all its logs off somewhere else, and it's just a single, not single-user, a single-application box, something like that. But I don't expect anybody to, well, most people wouldn't be really using that at all. The other thought along that line was that if you suspect that the machine's been breached, then you can put it in strict level three, stop anything else happening, do forensics before you take the machine down. I'm not sure that it really gets used to thinking that's correct yeah it's you yeah body it does mean that you actually get to do that while machines and states not knife damage can be done to change those the argument about yeah yeah there's always that on far more right on
the squared is that my amendment just have a quick run-through where it's with hope that I can get this to go some stage it's been a long when I previously I had a question at the front here from some about the Chi-Chih which is a very cooperative based the untrusted flag time actually protect you from a long-running binary. What you can do, if the attacker has access to me but along I can actually overall quality Igesund binary have it's that Bonner is running on the very except in long-term it's something a demon supports now but I speak with the once a month as then the funds it . pick that up hi will bring those pages into memory the attacker can hide the binary the 4th foresees execution of height. It sort of sounds like it's a bit far-fetched, but I've got a working exploit this year and if a server the binary that I can overwrite, and reliably to so the page will pull letting and actually execute the code, the modified code, without any detection. It's not terribly hard to do: you just need to force the pages out of memory on the veriexec-using machine. If you've got access to the machine then that's trivial: just mmap the file and talk to flush pages they're gone. If you don't have access to the machine then it's not really hard, you just so stressed solution until you think the pages gone America as. So what can we do about that? Trying to keep the fingerprints for all the pages of a binary in the configuration I thought was a bit unwieldy default huge because every page to have its fingerprint, really hard to my time and just minutes. When I looked at it, we're already reading the file to evaluate the overall fingerprint of the file, so why not in parallel just take a fingerprint of each page as it happens? So you do it in parallel revolve I spot pledge when they're doing overall fingerprint, noting down the fingerprints of each page at the bottom
Once we've done the whole file, then if the fingerprint for the whole file matches, then we have said all page, and they're all, we can trust them, because the whole file check was validated. If there is an archive in the hole gets dumped into the file doesn't get executed. And so that means that we can just generate per-page fingerprints on the fly
and that means that you can
actually then of got a modification for this that checks the mode either the pages, so as pages come in for files that have been marked as being untrusted, the per-page fingerprints will get checked, and this doesn't actually stop the exploit. Tried it with one of my little test cases, and it was that once the page comes in the pie the I just have an idea the executable actually gets terminated rather abruptly because of a bad read on the page. Is this more of a performance hit? I wouldn't be able to actually quantify that, to be honest. You would expect that there's a bit of a performance hit; it really depends on how often you bring in the pages and how much memory pressure your machine's under. So it would be actually rather hard to quantify; it would depend on what else is happening on the machine. by all the yes all over all the hashes going to a central objects even we have to make mutable great so yes you create you created a system that system in this time I or whenever you updated something, and so you can say here's my golden list, if you like, of things, so I'm going to allow this here yes yes I was a
polar putting elsewhere sort of putting it doing interesting things like actually putting it under the mount point of the system, so that once a file system is mounted then it's no longer visible, and things like that. is actually is the same and if yeah yes yes actually this is with us from what I understand it was at least used food problems in some also actually do feature control as well is that that the right this instructor why couldn't which is what I'm going to talk about this now. The intention is to digitally sign the fingerprints, so you can actually trust that it hasn't been modified, and that would allow you to modify the fingerprint was all wall there's brief as it is in operation rather than having to just reboot, because you can trust that the fingerprints have come from a known good source. Also the digitally signed binary: this is something that I didn't want to do initially, to be honest. I wanted veriexec to be able to run on the system without any file modifications at all, so there was no need for anything special in the file to run. Another developer has done some work to make it usually song on race and the I want the runners with exec on by suddenly required temperate which is a problem for us for quite a while because there wasn't any is the licensed prefer that's being addressed that it was we've imported net it the I remember why if why the weak took so long to do that but it was there was some problems with licensing and then other prevented us from doing that. There was also a thought that you could actually pre-populate the fingerprints for critical things, so that you could have your youth some of all sexually protected right to get going. One of those could have been the fingerprint list itself, which is sort of incestuous but it would work. that Nets would call but any more questions that you haven't come on the talk all of them OK so on this view of the all has
had an honored if they can move ahead also being changed is the kernel: the kernel knows the file's being written. If the file's been opened for write and the strict level is at the right level, then veriexec will clear the flag on it. If it's opened for write and the strict level is 1 above then then adjusted if not that you get an error when you try and do that. what's is the mission also in some cases this year so in the 2nd in each of the other thank you and you know this 1 the in the fall of next year but also in Europe is made by using the set of all I said was you know what you could yes the who in like something that would not the other night a but it probably would be to to do that yeah said your these groups usually at hang your hat and yeah so that we can move so I did the would be found as we said you know I haven't tried to actually do the proposed action, that's something of a walk to get to it. Really what I'd like to get in first is the per-page stuff. I've had that modification around for a long time, but there's been some push on the more fact modifications are made to the pager of this the wider is taken since they were at all places where the pager did its work not try to you merge cytosine, and the function was a bit complicated and had a lot of parameters and wasn't very well lot, so later need actually rework them in the park can It's not heard in it. OK, that's it. Well, thank you can't