Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-time authentication of binaries
From: Kyle Moffett
Date: Wed Apr 26 2006 - 00:43:52 EST

On Apr 25, 2006, at 15:52:45, Valdis.Kletnieks@xxxxxx wrote:
> On Tue, 25 Apr 2006 21:37:48 +0200, Arjan van de Ven said:
>> On Tue, 2006-04-25 at 19:57 +0100, Nix wrote:
>>> On Tue, 25 Apr 2006, Arjan van de Ven said:
>>>> so you didn't sign perl ? or bash ?
>>>
>>> You can write an elf loader in bash?!
>>
>> I've not tried it.. but afaics bash scripts are sufficiently
>> turing complete to pull it off ;)
>
> Well, somebody did 'shasm' (an assembler in bash), so I don't see
> any reason you can't do an elf loader... (OK, so you *might* have
> to write a machine emulator in bash, store the binary in an array,
> and emulate the sucker...)

Well I know that there are ways in Perl to overwrite arbitrary memory
(it's considered a bug of a certain XS library, although it has no
security implications because you could do the equivalent in Perl
anyways). I would assume that it's quite possible to do the same in
bash with a specially formatted bash script. Once you can scribble
on arbitrary memory, you can load a compiled ELF loader and execute
it without much trouble at all. A signed perl binary would open a
hole the size of a barn door in your scheme, I think.
Cheers,
Kyle Moffett