On Wed, Sep 17, 2008 at 23:30:25 +0530, Bingo <right.ho@xxxxxxxxx> wrote: > 2008/9/17 McGuffey, David C. <DAVID.C.MCGUFFEY@xxxxxxxx> > > > There is quite a raging debate in the Information Assurance arena about > > the failure of blacklisting and that we need to migrate to whitelisting, > > or at least a balance between blacklisting and whitelisting. We spend a > > lot of time developing security functions (like SELinux, ClamAV, etc.), > > which is a good thing, but why not also add the capability to keep > > tampered/unauthorized executables from executing in the first place? SELinux can actually help with that. You can make it hard for an attacker to label a file such that it can be executed. > I might have misunderstood you, but what will stop the malicious attacker > from signing his tampered executables? Maybe the signing ability will only Nothing will stop them from signing executables with some signature. Signing them with one that will actually be executed will require the secret key for one of the allowed signatures. Presumably that will be hard. > be granted to "registered" developers. But in linux, everyone is a developer > in the sense that running and distributing among friends of self-compiled > executables is popular. Not all users actually write code, but a large > majority compiles with slightly different options than fedora RPMs. Probably executables would be signed by distros and admins. > > So such users might have to disable this whitelisting stuff. Who would > control the grant of signing ability? The admins of the systems would control which keys would be allowed. They may or may not allow end users to do this depending on how a system is used. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
