Major changes to verified exec
Verified Exec is NetBSD's feature to only execute programs with known
(good) checksums. Brett Lymn has made
a bunch of changes based on code from Elad Efrat: in-kernel fingerprints
are stored in a hash table
now (for faster lookup), and multiple fingerprint methods are now
supported, including md5, sha1, rmd160, sha256, sha384 and sha512.
See Brett's posting for more information, esp. on the
veriexecctl(8) user interface.
[Tags: kernel, Security, veriexec]