Re: [PATCH 0/3] ELF executable signing and verification

From: richard -rw- weinberger
Date: Tue Jan 15 2013 - 18:26:11 EST

Next message: Greg Kroah-Hartman: "[ 132/171] ceph: close old con before reopening on mds reconnect"
Previous message: Greg Kroah-Hartman: "[ 135/171] rbd: expose the correct size of the device in sysfs"
In reply to: Vivek Goyal: "Re: [PATCH 0/3] ELF executable signing and verification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 16, 2013 at 12:15 AM, Vivek Goyal <vgoyal@xxxxxxxxxx> wrote:
> On Tue, Jan 15, 2013 at 11:27:12PM +0100, richard -rw- weinberger wrote:
>> On Tue, Jan 15, 2013 at 10:34 PM, Vivek Goyal <vgoyal@xxxxxxxxxx> wrote:
>> > Upon exec(), we determine if executable is signed. If it is, then locks
>> > down the pages in memory (using MAP_LOCKED) and verfies the signature.
>> > If signature does not match, process is killed. Unsigned processes
>> > don't get affected at all.
>>
>> Also ptrace() should be disallowed on such a process created from a signed ELF.
>
> Yes, that I have listed in TODO. We need to disable ptrace for signed
> processes or make sure only signed process can trace it.

Memo to myself: Reading long mails on my Android sucks. ;)
I totally missed the TODO section. Sorry for the noise.

--
Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg Kroah-Hartman: "[ 132/171] ceph: close old con before reopening on mds reconnect"
Previous message: Greg Kroah-Hartman: "[ 135/171] rbd: expose the correct size of the device in sysfs"
In reply to: Vivek Goyal: "Re: [PATCH 0/3] ELF executable signing and verification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]