Re: How to black list shared libraries and executable

From: Jes Sorensen
Date: Thu Mar 04 2004 - 04:42:38 EST


>>>>> "Michael" == Michael Frank <mhf@xxxxxxxxxxxxx> writes:

Michael> Just wondering on how to build a kernel-level facility which
Michael> would require shared libraries and executables to be "keyed"
Michael> or even "signed" to run on linux.

Michael> This is to prevent execution of software not specifically
Michael> authorized.

The shared libraries are going to cause you 'issues' since these are
all loaded by the dynamic linker. All the kernel loads is ld.so, the
rest of them are mmap'ed from userland.

So if you want to take this approach, you would have to hack a special
ld.so that only allows your authorized libraries and only authorize
the kernel to load that dynamic linker. Otherwise you have to do
content validation for all mmap operations.

Jes
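
The point made in the message above, that libraries reach a process as executable mmap()s done from userland, is visible in /proc/<pid>/maps. The following is an added example, not part of the original message: it scans maps-format text for file-backed executable mappings and counts those whose path is not on an allowlist. The sample maps text, the allowlist and the name audit_maps are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format, not from a real system. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/app\n"
    "00651000-00652000 rw-p 00051000 08:02 173521 /usr/bin/app\n"
    "7f2c1a000000-7f2c1a1b0000 r-xp 00000000 08:02 135522 /lib/libc.so.6\n"
    "7f2c1a400000-7f2c1a410000 r-xp 00000000 08:02 990001 /tmp/libunknown.so\n"
    "7f2c1a600000-7f2c1a623000 r-xp 00000000 08:02 135870 /lib/ld-linux.so.2\n"
    "7f2c1a700000-7f2c1a701000 r--p 00000000 08:02 140022 /usr/share/x.mo\n"
    "7f2c1a800000-7f2c1a900000 rw-p 00000000 00:00 0 \n"
    "7ffd5c1fe000-7ffd5c200000 r-xp 00000000 00:00 0 [vdso]\n";

/* Hypothetical allowlist. Path names only; real enforcement would have to
 * validate file content (digest or signature), as the message says. */
static const char *const ALLOWED[] = {
    "/usr/bin/app", "/lib/libc.so.6", "/lib/ld-linux.so.2" };
#define N_ALLOWED (sizeof ALLOWED / sizeof ALLOWED[0])

/* Return the number of file-backed PROT_EXEC mappings not on the allowlist;
 * the first offending path is copied to first_bad (size bad_len). */
int audit_maps(const char *maps, char *first_bad, size_t bad_len)
{
    int bad = 0;
    const char *p = maps;
    while (p && *p) {
        char perms[5] = "", path[256] = "";
        unsigned long inode = 0;
        size_t i;
        int ok = 0;
        /* fields: start-end perms offset dev inode [path] */
        int got = sscanf(p, "%*lx-%*lx %4s %*s %*s %lu%*[ ]%255[^\n]",
                         perms, &inode, path);
        for (i = 0; i < N_ALLOWED; i++)
            ok |= (strcmp(path, ALLOWED[i]) == 0);
        /* perms[2] == 'x': executable mapping; inode != 0: backed by a file */
        if (got == 3 && perms[2] == 'x' && inode != 0 && !ok) {
            if (bad++ == 0 && first_bad)
                snprintf(first_bad, bad_len, "%s", path);
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return bad;
}
```

This only reports mappings after the fact; it is not the enforcement point the message describes, which would have to sit in ld.so or on the mmap path.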