WARNOCK@clemson.CSNET.UUCP (02/27/87)
Checksum is a DCL command (sys$system:checksum.exe) of the format:

    $ CHECKSUM filename

Checksum is used a lot by DEC when they ship a patch out in printed form. Basically, if you run patch on a given file (i.e., one that you typed in from DEC documentation), and then run checksum against it, a value is returned in the symbol checksum$checksum. This can then be compared to the known value (i.e., calculated by DEC by running checksum against the patch they type in). This ensures that you type in EXACTLY what they meant (down to the last space, comment, and period!)

Hope that explains it a bit...

Todd Warnock
Clemson University
CSnet: Warnock@Clemson.CSnet
BITnet: Warnock@Clemson

art@MITRE.ARPA.UUCP (02/27/87)
The following is an article submitted to the Pageswapper but not yet published.

Methods of checksumming programs under VMS

BACKGROUND:

Verifying that computer software has not been modified is a common problem to both secure and non-secure systems. This implied threat presents itself when new releases of the operating system are prepared and delivered. The vendor should assure himself that he is applying patches to the correct version of the program. In the secure arena the implied threat presents itself both when new releases of the operational programs are prepared and delivered as well as during maintenance activities.

One approach to this problem is a process called "checksumming." A checksum is the process of reading every record in the file and summing the values in the 32 bit words (with overflow) to form a single 32 bit value which is associated with the file. The process may or may not recognize executable images and give separate checksums for each separate load section of the image.

ANALYSIS:

In checking various methods that could be used to validate an image on the DEC VAX/VMS system, the software functions ANALYZE/IMAGE and an undocumented VMS utility called CHECKSUM were identified.

ANALYZE/IMAGE provides information about the image but does not perform a checksum. This information includes a list of the patches to the image and a version number. Conceivably, a user could modify an image in such a way as to not change the version number or use the official "patch area". This would result in ANALYZE/IMAGE thinking that the program was unmodified.

CHECKSUM has existed at least since VMS 4.0. It is undocumented (and at present not supported) but does provide a way of determining if the file has been modified. It consists of a program to read the file and calculate a 32 bit checksum. In the default mode (CHECKSUM/FILE) the entire file is read and checksummed. If the optional (CHECKSUM/IMAGE) is used, the various sections of the executable image are checksummed separately. The output from CHECKSUM is in the symbol CHECKSUM$CHECKSUM. Thus the normal method of executing the program is shown in figure 1.

I have written a command procedure to checksum SYS$SYSTEM and compare the results to the checksum previously taken. This procedure is included as table 1. The use of this or a similar command procedure at boot time could verify that the operating system and user programs have not been modified. It will take 10-15 minutes to scan all of the files on the disk and perform the checksum operation. Thus perhaps the best way to perform this would be in background while the system starts up. The results could be sent as an alarm message.

Other uses of the CHECKSUM command include verification that only CMS was used to access files that are under configuration management control. I have heard stories of programmers using the VMS "PATCH" command to access files that are under CMS. This type of technique clearly has many applications.

-------------------------------------------------------------------
Method of Checksumming any file

$CHECKSUM foo.bar
$SHOW SYMBOL CHECKSUM$CHECKSUM

Method of Checksumming an executable file

$CHECKSUM/IMAGE SYS$SYSTEM:PASCAL.EXE

file SYS$SYSROOT:[SYSEXE]PASCAL.EXE;12
image section %D'1' checksum is %X'8D4B4D4E'
image section %D'2' checksum is %X'00022901'
image section %D'4' checksum is %X'00FD337A'
image section %D'6' checksum is %X'0000F98C'
image section %D'8' checksum is %X'A3CF1EBD'
image section %D'10' checksum is %X'090C8745'
image section %D'12' checksum is %X'6B39BC26'
image section %D'13' checksum is %X'54C233C7'
image section %D'14' checksum is %X'581934C7'
image header checksum is %X'2DB7C2A6'
checksum of all image sections is %X'40958C67'

Figure 1: Methods of using Checksum utility
----------------------------------------------------------------

$ set noon
$ open/write checks checkfile.sum
$assign nl: sys$output
$assign nl: sys$error
$loop:
$ next = F$search("sys$system:*.*")
$ if next .eqs. "" then goto check
$ if F$LOCATE(".EXE",next) .ne. F$LENGTH(next) then $GOTO EXEC
$!
$ checksum 'next'
$ write checks next + " " + checksum$checksum
$! write sys$output next + " " + checksum$checksum
$ goto loop
$EXEC:
$ checksum/image/output=nl: 'next'
$ write checks next + " " + checksum$checksum
$! write sys$output next + " " + checksum$checksum
$ goto loop
$check:
$deassign sys$output
$deassign sys$error
$ close checks
$ diff/parallel checkfile.sum
$ purge/keep=2
$ checksum checkfile.sum;0
$ write sys$output "checkfile checksum is " + checksum$checksum
$ exit
$!
$! command file written by Art McClinton Mitre Corporation
$! to check that all of the system files have not been modified
$!
$! method:
$! create a command file listing all of the files
$! use checksum to determine the checksum of each file.
$! .EXE files checksummed using /image
$! all others checksummed using /file
$! difference the resultant list with the previous generated list
$! generate a checksum of the list which can be manually compared
$! with the previous checksum. If it changes, then you know that you
$! have a potential problem.
$!

*
*---Art
*
*Arthur T. McClinton Jr.     ARPA: ART@MITRE
*Mitre Corporation           Phone: 703-883-6356
*1820 Dolley Madison Blvd    Internal Mitre: ART@MWVMS or M10319@MWVM
*McLean, Va. 22102           DCS: MCCLINTON
*

*
*---Art
*
*Arthur T. McClinton Jr.     ARPA: ART@MITRE.ARPA
*Mitre Corporation MS-Z305   Phone: 703-883-6356
*1820 Dolley Madison Blvd    Internal Mitre: ART@MWVMS or M10319@MWVM
*McLean, Va. 22102           DECUS DCS: MCCLINTON
*
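
Added example, not part of either posting and not DEC's code: a Python sketch of the baseline-and-compare method the command procedure above uses, with the checksum computed the way the article describes it (32 bit words summed with overflow). The little-endian word order, the zero padding of a trailing partial word, and all function and file names are assumptions made for this illustration.

```python
import struct
from pathlib import Path

def checksum32(data: bytes) -> int:
    """Sum 32-bit words modulo 2**32, as the article describes.
    Assumptions: little-endian words, trailing partial word zero-padded."""
    data += b"\x00" * (-len(data) % 4)
    total = 0
    for (word,) in struct.iter_unpack("<I", data):
        total = (total + word) & 0xFFFFFFFF  # discard overflow past 32 bits
    return total

def build_manifest(directory) -> dict:
    """Map each regular file name in `directory` to its checksum (8 hex digits)."""
    return {p.name: f"{checksum32(p.read_bytes()):08X}"
            for p in sorted(Path(directory).iterdir()) if p.is_file()}

def compare_manifests(old: dict, new: dict) -> dict:
    """Report what differs between the previous list and the current one."""
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }

def manifest_checksum(manifest: dict) -> str:
    """Checksum of the list itself, for the final manual comparison step."""
    text = "".join(f"{name} {value}\n" for name, value in sorted(manifest.items()))
    return f"{checksum32(text.encode()):08X}"

if __name__ == "__main__":
    import tempfile
    # Constructed sample files standing in for a system directory.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "LOGIN.COM").write_bytes(b"$ set noon\n")
        (root / "TOOL.EXE").write_bytes(bytes(range(16)))
        baseline = build_manifest(root)
        (root / "TOOL.EXE").write_bytes(bytes(range(1, 17)))  # modified file
        (root / "NEW.DAT").write_bytes(b"x")                  # unexpected file
        current = build_manifest(root)
        print(compare_manifests(baseline, current))
        print(manifest_checksum(baseline), manifest_checksum(current))
```

Because addition is commutative, a sum of this kind is unchanged when whole 32 bit words are reordered, so a cryptographic hash stored away from the system being checked gives stronger assurance for the same baseline comparison.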