> From: Bingo <right.ho@xxxxxxxxx>
> Subject: Re: Whitelisting only digitally signed binaries
>
> > There is quite a raging debate in the Information Assurance arena about
> > the failure of blacklisting and that we need to migrate to whitelisting,
> > or at least a balance between blacklisting and whitelisting...
> >
> > I would envision something that checks a digital signature or at least
> > checks a table of hash strings associated with the true/trusted version
> > of the executable before allowing the loader to proceed...
>
> I might have misunderstood you, but what will stop the malicious attacker
> from signing his tampered executables? Maybe the signing ability will only
> be granted to "registered" developers. But in Linux, everyone is a
> developer in the sense that running and distributing among friends of
> self-compiled executables is popular. Not all users actually write code,
> but a large majority compiles with slightly different options than Fedora
> RPMs.
>
> So such users might have to disable this whitelisting stuff. Who would
> control the grant of signing ability?

Agree that implementing the signing infrastructure behind the capability would be a challenge. Not saying that is trivial. Such an infrastructure would have some kind of "registered" release agent for each package that one would want to install. Maybe at first there would be two kinds of packages... those signed by a registered release agent (meaning there is some level of trust behind them), and those not signed (no trust). The end-user could choose what to install and be allowed to run.

Back to the original question... has anyone developed a "trusted loader" for Linux?

Dave McGuffey
Principal Information System Security Engineer // NSA-IEM, NSA-IAM
SAIC, IISBU, Columbia, MD

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
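The hash-table variant of the "trusted loader" described in the thread, as an added illustration that is not code from either poster or from Fedora: a SHA-256 allowlist populated by a simulated "registered release agent", a loader decision that consults it, and the two package classes Dave describes (registered, and unregistered-but-permitted by local policy). The function names, the `allow_unregistered` policy flag and the two constructed byte strings standing in for binaries are assumptions made for this example.

```python
import hashlib
import os
import tempfile


def sha256_of_bytes(data):
    """Hex SHA-256 of an in-memory blob (used for the constructed test binaries)."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk_size=1 << 16):
    """Hex SHA-256 of a file, read in chunks so large binaries need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def register_release(path, package, allowlist):
    """Simulate the 'registered release agent': record the hash of a known-good build.

    Caveat: the allowlist itself must be integrity-protected (signed by the release
    agent and stored read-only), otherwise whoever can write to it can simply add
    the hash of a tampered binary, which is exactly the objection raised above.
    """
    digest = sha256_of_file(path)
    allowlist[digest] = package
    return digest


def loader_decision(path, allowlist, allow_unregistered=False):
    """Decide whether the loader may proceed for the binary at `path`.

    Returns (allowed, reason). `allow_unregistered` models the second class of
    packages from the thread: unsigned builds the user has chosen to permit.
    """
    digest = sha256_of_file(path)
    package = allowlist.get(digest)
    if package is not None:
        return True, "registered release of %s (sha256 %s...)" % (package, digest[:12])
    if allow_unregistered:
        return True, "not registered; permitted by local policy (no trust)"
    return False, "not registered; refusing to load"


def demo():
    """Run the check over two constructed files and return the outcomes."""
    allowlist = {}
    # Constructed stand-ins for executables; not real ELF files.
    good = b"\x7fELF" + b"constructed good build" * 32
    tampered = bytearray(good)
    tampered[-1] ^= 0x01  # flip a single bit to model a tampered copy
    with tempfile.TemporaryDirectory() as d:
        good_path = os.path.join(d, "tool")
        bad_path = os.path.join(d, "tool.tampered")
        with open(good_path, "wb") as f:
            f.write(good)
        with open(bad_path, "wb") as f:
            f.write(bytes(tampered))
        register_release(good_path, "example-tool-1.0", allowlist)
        results = {
            "registered_allowed": loader_decision(good_path, allowlist)[0],
            "tampered_allowed": loader_decision(bad_path, allowlist)[0],
            "tampered_allowed_by_policy": loader_decision(
                bad_path, allowlist, allow_unregistered=True)[0],
            "file_hash_matches_bytes": sha256_of_file(good_path) == sha256_of_bytes(good),
        }
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The one-bit change in the tampered copy is enough to miss the allowlist, which is the property the hash table buys; what it does not buy is any protection for the table itself, so in practice the table is distributed as a signed artifact and the policy flag is the only thing a local user should be able to change.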