Darren J Moffat wrote: > Garrett D'Amore wrote: >> Darren J Moffat wrote: >>> James C. McPherson wrote: >>>> Darren J Moffat wrote: >>>>> James C. McPherson wrote: >>>> .... >>>>>> We've got a unique hash which identifies "binary X". We can create >>>>>> a publishable mapping (ie, on sunsolve) between that hash and the >>>>>> version of the source that it is based on. >>>>> Why is it needed that you map a given random binary to source files ? >>>>> The wsdiff tool may help here though. >>>> ignore wsdiff for the moment, and remember that not everybody >>>> out there in Services-land cares about the source, just the >>>> mapping of patch numbers to bugids. That is why we need it. >>> Patch numbers to bugids is nothing to do with the source and sunsolve >>> already provides that mapping via the patch readmes. >> >> No, the mapping that is needed, I believe, is patch numbers to binary >> objects. (I.e. what version of the nfs patch am I running _right now_?) > > Assuming what is in memory is what is on disk then showrev -p > gives you that.
This is often not the case with kernel software. Folks install a patch, but for one reason or another have not rebooted. Service needs this information, I believe. > > We already have elfsign, and (almost) all binaries in Solaris are > signed, while this doesn't tell you what patch it came from it does > tell you that it is a "ligit" binary and not some random trojan, eg: > > elfsign verify -v -e /usr/bin/ls > elfsign: verification of /usr/bin/ls passed. > format: rsa_md5_sha1. > signer: CN=SunOS 5.10, OU=Solaris Signed Execution, O=Sun Microsystems > Inc. > > Extending modinfo only helps kernel modules it doesn't help userland > code. > > We could do the same thing for userland code, using procfs to get at binary information, I believe. I think the need is most pressing for kernel code, though I'm not a member of CTE or support myself. -- Garrett D'Amore, Principal Software Engineer Tadpole Computer / Computing Technologies Division, General Dynamics C4 Systems http://www.tadpolecomputer.com/ Phone: 951 325-2134 Fax: 951 325-2191 _______________________________________________ opensolaris-code mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
