1.\"- 2.\" SPDX-License-Identifier: BSD-2-Clause 3.\" 4.\" Copyright (c) 2018-2023, Juniper Networks, Inc. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 18.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 19.\" OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 21.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 25.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26.\" 27.Dd August 8, 2023 28.Dt VERIEXEC 8 29.Os 30.Sh NAME 31.Nm veriexec 32.Nd manipulate state of mac_veriexec 33.Sh SYNOPSIS 34.Nm 35.Op Fl v 36.Op Fl C Ar directory 37.Op Fl S 38.Pa manifest 39.Nm 40.Fl z Ar state 41.Nm 42.Fl i Ar state 43.Nm 44.Fl l 45.Ar file ... 46.Nm 47.Fl x 48.Ar file ... 49.Sh DESCRIPTION 50.Nm 51is a utility to query or manipulate the state of 52.Xr mac_veriexec 4 . 53.Pp 54The first form is for loading a 55.Pa manifest . 56.Nm 57first verifies a digital signature of the 58.Ar manifest 59and if successful, parses it and feeds its content to kernel. 60The 61.Fl S 62flag indicates that certificate validity should be checked. 63Without this, a valid signature with an expired certificate 64will still be accepted. 65.Pp 66The second form with 67.Fl z 68is used to modify the 69.Ar state , 70and with 71.Fl i 72to query the current 73.Ar state . 74.Pp 75With 76.Fl l 77.Nm 78will report any labels associated with the remaining arguments 79assumed to be files. 80If only a single file argument is given, the bare label (if any) 81will be reported, otherwise the pathname followed by label. 82.Pp 83The final form with 84.Fl x 85is used to test whether 86.Ar file 87is verified or not. 88This requires 89.Xr mac_veriexec 4 90to be in the 91.Ql active 92or 93.Ql enforce 94state. 95.Pp 96The possible states 97are: 98.Bl -tag -width enforce 99.It Ar loaded 100set automatically when first 101.Pa manifest 102has been loaded. 103.It Ar active 104.Xr mac_veriexec 4 105will begin checking files. 106This state can only be entered from the 107.Ar loaded 108state. 109.It Ar enforce 110.Xr mac_veriexec 4 111will fail attempts to 112.Xr exec 2 113or 114.Xr open 2 115files with 116.Dv O_VERIFY 117unless verified. 118.It Ar locked 119prevent loading of any more manifests. 120.El 121.Pp 122When setting or querying the state, it is sufficient to provide 123a unique prefix of the desired state. 124So 125.Fl i 126.Ar a 127or 128.Fl z 129.Ar e 130are sufficient, but 131.Fl i 132.Ar loc 133is the minimum required to avoid confusion with 134.Ar loaded . 135.Sh MANIFESTS 136The manifest contains a mapping of relative pathnames to fingerprints 137with optional flags. 138For example: 139.Bd -literal -offset indent 140sbin/veriexec sha256=f22136...c0ff71 no_ptrace 141usr/bin/python sha256=5944d9...876525 indirect 142sbin/somedaemon sha256=77fc2f...63f5687 label=mod1/val1,mod2/val2 143.Ed 144The supported flags are: 145.Bl -tag -width indirect 146.It Ql indirect 147the executable cannot be run directly, 148but can be used as an interpreter for example via: 149.Bd -literal -offset indent 150#!/usr/bin/python 151.Ed 152.It Ql no_ptrace 153do not allow running executable under a debugger. 154Useful for any application critical to the security state of system. 155.El 156.Pp 157The 158.Ql label 159argument allows associating a 160.Xr maclabel 7 161with the executable. 162Neither 163.Nm 164nor 165.Xr mac_veriexec 4 166(if it supports labels) 167pay any attention to the content of the label 168they are provided for the use of other 169.Xr mac 4 170modules. 171.Sh HISTORY 172The Verified Exec system first appeared in 173.Nx . 174This utility derrives from the one found in Junos. 175The key difference is the requirement that manifest files 176be digitally signed. 177