Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-time authentication of binaries

On Mon, 24 Apr 2006, Arjan van de Ven yowled:
> On Mon, 2006-04-24 at 21:32 +0100, Nix wrote:
>> It checks mmap and mprotect with PROT_EXEC, and execve().
> 
> so no jvm's or flash plugins.

Well, you'll have to sign the flash plugin. This isn't
sign-at-compilation-time; bsign can sign just about anything (although I
guess the Mozilla security shared library, which is itself signed by a
different tool, might pose an interesting conundrum).

> and the stack can be executable if the app wants it to be as well...

Well, yes, but if the app isn't signed the attacker can't run it.
Obviously digsig doesn't close all avenues of attack: you'd use
exec-shield or something of the kind to block off the executable-stack
thing from the majority of apps (and yes, if you flip PT_GNU_STACK you
should re-sign the app, IIRC).

> so it's not all that easy as you make it sound

Everyone seems to want the One Security Fix To Rule Them All. This
isn't it: it's just one of a myriad of barriers to throw in the
bad guys' way. None of them stop everyone: most of them should
stop most of them.

I'm not trying to keep governments out. If they want in, they'll
*get* in, if need be by breaking in and physically removing the
machine...

>> will sign every ELF shared object and executable on the system.
> 
> but it won't sign the not-really-elf-but-virus-anyway files. 

The idea is that you don't *have* them on there when you do the
initial signing round, and that after that you only sign the
stuff you install yourself (and, of course, that you don't keep
the key on the same machine, or even accessible without physical
actions, I'd hope: that's why I keep mine on a CD-ROM physically
removed from the drive when not signing).

-- 
`On a scale of 1-10, X's "brokenness rating" is 1.1, but that's only
 because bringing Windows into the picture rescaled "brokenness" by
 a factor of 10.' --- Peter da Silva
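
Added example, not part of the message above and not digsig or bsign code: an audit that reads the PT_GNU_STACK program header of an ELF image, so that binaries requesting an executable stack can be spotted before a signing round. The names `gnu_stack_flags`, `stack_policy` and `make_sample` are invented here, and the sample image is constructed.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type carrying the stack permissions
PF_X = 0x1                 # execute bit in p_flags

def gnu_stack_flags(image):
    """Return p_flags of the PT_GNU_STACK header, or None if there is none."""
    if len(image) < 0x34 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = image[4], image[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unknown EI_CLASS or EI_DATA")
    end = "<" if ei_data == 1 else ">"
    if ei_class == 2:  # ELF64: e_phoff at 0x20, p_flags at +4
        if len(image) < 0x40:
            raise ValueError("ELF64 header truncated")
        (phoff,) = struct.unpack_from(end + "Q", image, 0x20)
        entsize, phnum = struct.unpack_from(end + "HH", image, 0x36)
        flags_at = 4
    else:              # ELF32: e_phoff at 0x1C, p_flags at +24
        (phoff,) = struct.unpack_from(end + "I", image, 0x1C)
        entsize, phnum = struct.unpack_from(end + "HH", image, 0x2A)
        flags_at = 24
    for i in range(phnum):
        off = phoff + i * entsize
        if off + flags_at + 4 > len(image):
            raise ValueError("program header table truncated")
        (p_type,) = struct.unpack_from(end + "I", image, off)
        if p_type == PT_GNU_STACK:
            return struct.unpack_from(end + "I", image, off + flags_at)[0]
    return None

def stack_policy(image):
    flags = gnu_stack_flags(image)
    if flags is None:
        return "no PT_GNU_STACK"  # loader falls back to the architecture default
    return "executable stack requested" if flags & PF_X else "non-executable stack"

def make_sample(flags, p_type=PT_GNU_STACK):
    """Constructed sample: 64-byte little-endian ELF64 header plus one phdr."""
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    return ehdr + struct.pack("<IIQQQQQQ", p_type, flags, 0, 0, 0, 0, 0, 16)

if __name__ == "__main__":
    for name, flags in (("rw", 6), ("rwx", 7)):  # PF_R|PF_W, then with PF_X added
        print(name, stack_policy(make_sample(flags)))
```

For real files, pass the bytes read from each binary to `stack_policy` and review anything that reports an executable stack or no PT_GNU_STACK header.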