Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2006-04-24 at 21:32 +0100, Nix wrote:
> On 24 Apr 2006, Arjan van de Ven announced authoritatively:
> > On Mon, 2006-04-24 at 12:27 -0400, Makan Pourzandi (QB/EMC) wrote:
> >> Hi Arjan, 
> >> 
> >> I hope I correctly understood your question, DigSig uses LSM hooks to
> >> check the digital signature before loading it, then as long as your elf
> >> loader uses kernel system calls, it's covered by DigSig. 
> > 
> > ok I have to admit that this answer worries me.
> > 
> > how can it be covered? How do you distinguish an elf loader application
> > (which just uses open + mmap after all) with... say a grep-calling perl
> > script?
> 
> It checks mmap and mprotect with PROT_EXEC, and execve().

so no jvm's or flash plugins.

and the stack can be executable if the app wants it to be as well...
so it's not all that easy as you make it sound

> will sign every ELF shared object and executable on the system.

but it won't sign the not-really-elf-but-virus-anyway files. 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux