Re: [ANNOUNCE] DigSig 0.2: kernel module for digital signature verification for binaries

From: Valdis . Kletnieks
Date: Wed Oct 01 2003 - 09:06:15 EST


On Wed, 01 Oct 2003 12:26:31 +0200, Pavel Machek said:

> > Instead of writing a long detailed explication, I rather give you an
> > example of how you can use it.
>
> Can you also add example *why* one would want to use it?
>
> AFAICS if I want to exec something, I can avoid exec() syscall and do
> mmaps by hand...

The idea isn't to stop you from calling exec*().

The idea is to ensure that if you do execve("/usr/bin/foobar",...) that the
foobar binary hasn't been tampered with and you're not about to launch a binary
differing from what you expected. Note that on a properly administered
system, this is a *high* level of paranoia, as the file permissions should have
prevented writing to the binary in the first place. It's also a maintenance
nightmare waiting to happen, as you get to re-sign all the binaries every time
you install a patch, and it won't help prevent trojaned shared libraries...

Attachment: pgp00001.pgp
Description: PGP signature
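The three points in the reply above (a tampered binary is refused at exec time, every legitimate patch forces a re-sign, and a trojaned shared library is not covered by a check on the executable alone) can be walked through in a small model. The following is an added example, not code from the thread or from DigSig: it uses an in-memory dictionary as a stand-in filesystem and HMAC-SHA256 as a stand-in for the asymmetric signatures DigSig verified, so the verifier here holds the secret key, which a real kernel-side check would not.

```python
"""Toy model of an exec-time signature check and its blind spots.

Added example, not DigSig's code. HMAC-SHA256 stands in for a real
signature scheme; a real verifier would hold only a public key.
"""
import hashlib
import hmac

# Constructed in-memory "filesystem": path -> file contents (stand-ins for ELF files)
FS = {
    "/usr/bin/foobar": b"\x7fELF foobar v1",
    "/lib/libfoo.so": b"\x7fELF libfoo v1",
}
# Constructed stand-in for the administrator's signing secret.
SIGNING_KEY = b"constructed-demo-signing-key"


def tag(key, data):
    """Authentication tag for a file image (stand-in for a signature)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def sign_manifest(key, fs, paths):
    """Administrator step: record a tag for each binary that may be executed."""
    return {p: tag(key, fs[p]) for p in paths}


def verify_before_exec(key, manifest, fs, path):
    """The check an execve() hook would perform on the named file.

    True only if `path` was signed and its current bytes still match
    the tag recorded at signing time. Nothing the file later loads
    (shared libraries, scripts, plugins) is looked at here.
    """
    expected = manifest.get(path)
    if expected is None:
        return False  # never signed: refuse to run it
    return hmac.compare_digest(tag(key, fs[path]), expected)


def run_scenarios():
    """Walk through the situations discussed in the reply; returns name -> verdict."""
    results = {}
    fs = dict(FS)
    # Only the executable is signed, not the library it loads at runtime.
    manifest = sign_manifest(SIGNING_KEY, fs, ["/usr/bin/foobar"])
    results["clean"] = verify_before_exec(SIGNING_KEY, manifest, fs, "/usr/bin/foobar")

    # 1. Binary modified after signing: exec is refused.
    fs["/usr/bin/foobar"] = b"\x7fELF foobar v1 + backdoor"
    results["tampered_binary"] = verify_before_exec(SIGNING_KEY, manifest, fs, "/usr/bin/foobar")
    fs["/usr/bin/foobar"] = FS["/usr/bin/foobar"]  # restore

    # 2. Shared library modified: the executable still verifies, because the
    #    check covers only the file named in execve(), not what it loads.
    fs["/lib/libfoo.so"] = b"\x7fELF libfoo v1 + backdoor"
    results["trojaned_lib_undetected"] = verify_before_exec(SIGNING_KEY, manifest, fs, "/usr/bin/foobar")
    fs["/lib/libfoo.so"] = FS["/lib/libfoo.so"]  # restore

    # 3. Legitimate patch installed: the new bytes fail until re-signed.
    fs["/usr/bin/foobar"] = b"\x7fELF foobar v2"
    results["patched_before_resign"] = verify_before_exec(SIGNING_KEY, manifest, fs, "/usr/bin/foobar")
    manifest = sign_manifest(SIGNING_KEY, fs, ["/usr/bin/foobar"])
    results["patched_after_resign"] = verify_before_exec(SIGNING_KEY, manifest, fs, "/usr/bin/foobar")

    # 4. A file that was never signed is refused outright.
    results["unsigned"] = verify_before_exec(SIGNING_KEY, manifest, fs, "/lib/libfoo.so")
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:26s} {'allowed' if ok else 'refused'}")
```

The "trojaned_lib_undetected" case is the one worth dwelling on: extending coverage means signing and checking every object the dynamic loader maps as well, which multiplies the re-signing work the reply complains about.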