Re: [GIT PULL] Load keys from signed PE binaries
From: Alexander Holler
Date: Wed Feb 27 2013 - 06:27:22 EST
Am 27.02.2013 11:17, schrieb James Courtier-Dutton:
3) Trust based on date. I trust everything from X that I put on my
system 2 weeks ago, but one week ago X got hacked, so don't trust
anything new from them until the hack has been stopped and the
revokation/correction steps have been completed.
E.g. the Bit9 case, where malware was able to be signed.
Which date? In reality dates are (mostly) defined as fixed points, but
computers just don't have such.
E.g. currently you can't use modsign based on X.509 certificates if the
date comes through USB, because modsign tries to load the certificate
before before the USB stack comes up, which ends up with invalid dates
(Not Before).
And changing the system date isn't that hard for an attacker if he is
already able to do other bad things.
Regards,
Alexander
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/