Re: [PATCH] signed binaries support [0/4]

[Alexander Wuerstlein]

On 070621 19:26, Adrian Bunk <bunk@xxxxxxxxx> wrote:
> On Thu, Jun 21, 2007 at 06:29:17PM +0200, Alexander Wuerstlein wrote:
> > On 070621 18:19, Adrian Bunk <bunk@xxxxxxxxx> wrote:
> > > On Thu, Jun 21, 2007 at 05:55:16PM +0200, Johannes Schlumberger wrote:
> > > 
> > > > Hi,
> > > 
> > > Hi Johannes,
> > > 
> > > > We (two students of CS) built a system for signing binaries and verifying them
> > > > before executing. Our main focus was to implement a way to inhibit execution
> > > > of suid-binaries, which are not trustworthy (i.e. not signed).
> > > >...
> > > 
> > > doesn't anyone who is able to install a not trustworthy suid-binary 
> > > already have the priviliges to do anything he wants to without requiring 
> > > an suid bit?
> > 
> > Yes, quite correct in most cases. But if you have taken control of a computer
> > on of the more common ways to keep the control for some time is the
> > installation of a suid-binary (e.g. as part of a rootkit). 
> 
> There are so many ways for manipulating a computer that controlling 
> setuid binaries hardly brings a real security gain.

Even if it does not really improve security too much it can be helpful as a
part of a larger system. For example around here we use a 'sbit-checker' that
basically does a 'find' and 'chmod', which we would be able to replace by this
patch.

Also our patch is not solely about suid-binaries, we just implemented
suid-checking because it seemed a simple and obvious thing to do.  Our real aim
was to implement binary signatures, which can be used in numerous security
related checks around the kernel. Btw. if you have any good ideas where one
could use them, please tell us :)



Ciao,

Alexander Wuerstlein.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/