Date: Tue, 19 Jun 2018 20:45:27 -0700
From: Conrad Meyer <cem@freebsd.org>
To: "cem@FreeBSD.org" <cem@freebsd.org>
Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r335402 - head/sbin/veriexecctl
Message-ID: <CAG6CVpUrPjJfVh3upvzOqsJdaTfTboyrm36EDN3F3jbXQeOkSA@mail.gmail.com>
In-Reply-To: <CAG6CVpV124ze+Y6xX2ZFqbM+3hJNEJWR2qpnChpey=PmiW6qXg@mail.gmail.com>
References: <201806200108.w5K18sIR050132@repo.freebsd.org> <CAG6CVpV124ze+Y6xX2ZFqbM+3hJNEJWR2qpnChpey=PmiW6qXg@mail.gmail.com>
I forgot to mention that the kernel code also introduces severe performance
problems due to really pessimal data structures, small IO sizes, and
problematic locking.

Again: please revert and proceed through a round or two of design review.

Thank you,
Conrad

On Tue, Jun 19, 2018 at 8:33 PM, Conrad Meyer <cem@freebsd.org> wrote:
> On Tue, Jun 19, 2018 at 6:08 PM, Stephen J. Kiernan <stevek@freebsd.org> wrote:
>> Author: stevek
>> Date: Wed Jun 20 01:08:54 2018
>> New Revision: 335402
>> URL: https://svnweb.freebsd.org/changeset/base/335402
>>
>> Log:
>> This application (veriexecctl) handles reading a fingerprints file
>
> Hi,
>
> This patchset needed design and code review prior to commit. It
> appears to have serious problems.
>
> First and foremost: nothing is actually signed, anywhere. The
> veriexecctl tool parses and tells the kernel to trust a file input.
> But if we don't trust other files on the filesystem, why do we trust
> that one? There is no embedded signature mechanism proving the hash
> list file is trustworthy.
>
> As a corollary to the above, the name "signature file" is used
> repeatedly in the code, which is misleading. The file contains hashes
> (digests), not signatures (MACs). The file itself is unsigned.
> Nothing about this has signatures.
>
> There's absolutely no reason to use sha1 or ripemd in new designs.
> These should be removed.
>
> The patchset is littered with style issues. One fairly obvious issue
> is mixed indentation styles: some files vary between space and tab
> indentation from line to line.
>
> Please revert this patchset. It's not ready.
>
> Some suggestions for a second attempt:
>
> - Maybe use HMACs instead of raw hashes
> - Maybe sign the source-of-trust file
> - Fix the style issues
> - Fix the compiler warnings at 6
>
> Thank you,
> Conrad
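The design point the thread turns on (a file of digests is not a signature, and a trust list that is itself unauthenticated can be rewritten right along with the binaries it vouches for) as an added worked example. This is not FreeBSD's veriexec or veriexecctl code and it does not reproduce their file format; the manifest layout ("<algo> <hexdigest> <path>" lines plus a "mac <hex>" trailer), the placeholder key and the file contents are all constructed for the example. It authenticates the manifest with an HMAC, following the reply's first suggestion.

```python
"""Added example: only trust a fingerprint manifest after authenticating it.

The manifest format (one "<algo> <hexdigest> <path>" entry per line, with an
optional "mac <hex>" trailer over the body) is an assumption made for this
example, not the veriexecctl format.
"""
import hashlib
import hmac

MAC_ALGO = "sha256"
ALLOWED_DIGESTS = ("sha256", "sha512")   # sha1 / ripemd160 deliberately absent


def parse_entries(lines):
    """Parse manifest body lines into (algo, hexdigest, path) tuples.

    Entries using a digest outside ALLOWED_DIGESTS are rejected rather than
    silently accepted, and digest lengths are checked before anything is trusted.
    """
    entries = []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: malformed entry")
        algo, digest, path = parts
        if algo not in ALLOWED_DIGESTS:
            raise ValueError(f"line {lineno}: unsupported digest {algo}")
        if len(digest) != 2 * hashlib.new(algo).digest_size:
            raise ValueError(f"line {lineno}: bad digest length")
        entries.append((algo, digest.lower(), path))
    return entries


def make_manifest(files, algo="sha256"):
    """Build the unauthenticated manifest body for a dict of path -> bytes."""
    lines = [f"{algo} {hashlib.new(algo, files[p]).hexdigest()} {p}"
             for p in sorted(files)]
    return "\n".join(lines) + "\n"


def sign_manifest(body, key):
    """Append an HMAC trailer over the whole body: the authenticated source of trust."""
    tag = hmac.new(key, body.encode(), MAC_ALGO).hexdigest()
    return body + f"mac {tag}\n"


def load_unsigned(text):
    """The criticised design: trust whatever the file on disk says."""
    return parse_entries(text.splitlines())


def load_authenticated(text, key):
    """Refuse to load any entry unless the body carries a valid MAC."""
    lines = text.splitlines()
    if not lines or not lines[-1].startswith("mac "):
        raise ValueError("manifest is not authenticated")
    body = "\n".join(lines[:-1]) + "\n"
    expected = hmac.new(key, body.encode(), MAC_ALGO).hexdigest()
    presented = lines[-1].split(None, 1)[1].strip()
    if not hmac.compare_digest(expected, presented):
        raise ValueError("manifest MAC does not verify")
    return parse_entries(lines[:-1])


def is_trusted(entries, path, data):
    """Would a loader holding these entries accept `data` as `path`?"""
    for algo, digest, p in entries:
        if p == path:
            actual = hashlib.new(algo, data).hexdigest()
            return hmac.compare_digest(actual, digest)
    return False


def demo():
    """Constructed scenario: an attacker replaces a binary and edits the manifest.

    Returns (unsigned_loader_accepts, authenticated_loader_accepts).
    """
    key = b"\x00" * 32   # placeholder; a real key would come from protected storage
    files = {"/sbin/init": b"ELF original init", "/bin/sh": b"ELF original sh"}
    good = sign_manifest(make_manifest(files), key)

    tampered = dict(files)
    tampered["/bin/sh"] = b"ELF backdoored sh"
    tampered_body = make_manifest(tampered)            # digest rewritten to match
    tampered_signed = tampered_body + good.splitlines()[-1] + "\n"  # old MAC reused

    unsigned_ok = is_trusted(load_unsigned(tampered_body), "/bin/sh", tampered["/bin/sh"])
    try:
        load_authenticated(tampered_signed, key)
        authenticated_ok = True
    except ValueError:
        authenticated_ok = False
    return unsigned_ok, authenticated_ok


if __name__ == "__main__":
    print("unsigned loader accepts tampered tree:", demo()[0])
    print("authenticated loader accepts tampered tree:", demo()[1])
```

An HMAC is the cheapest way to get the property the reply asks for, but it means the verifier (here, the kernel) must hold the same secret the manifest producer used; if that key can be read from the running system, the attacker can re-tag a rewritten manifest. Signing the manifest with an asymmetric key, the reply's second suggestion, removes that dependency because the kernel then only needs the public key.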