Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries

Hi all,

Just my few cents on signed binaries and DigSig. It's
kind of a very partial reply to several parts of
various emails (Arjan, Ulrich, Nix ...), sorry for
that ;-)

1- "does this also prevent people writing their own
elf loader in a bit of perl and just mmap the code"

I'm not sure to exactly understand what you mean:

- if you mean writing an application able to read &
'interpret' an ELF executable: again, I think DigSig
will prevent this, because when you mmap the code,
this calls (at kernel level) do_mmap which triggers an
LSM hook called file_mmap. And we implement checks in
that hook...

- if you mean modifying the ELF loader so that do_mmap
/ file_mmap aren't called, well you'll need to hack
the kernel, won't you ?

- finally, note you also have choice not to sign this
elf loader of yours. If it isn't signed, it won't ever
run ;-)

2- "You will never get 100% protection from a
mechanism like signed binaries"

Sure. I entirely agree though, if we're honest, *no*
system is ever a 100 % protection ;-)
I think our paper (http://disec.sourceforge.net/ or
http://www.usenix.org/events/lisa04/tech/apvrille.html)
is clear about what we mean to protect and what we do
not, and IMHO,
in security, we cannot expect more of any system.

3- "I've found signed binaries principally useful on
stripped-down firewalls and firewall UML instances"

Indeed. I foresee use of DigSig for hosts that are not
meant to change 'too' often (for example, not
a developer or a user desktop - although I do
personnally have DigSig on mine ;-)) ). Stripped-down
servers or firewalls are good example (and they do
indeed represent a big niche). BTW, I also
foresee use of DigSig in small embedded systems, and
actually, in that area, I heard of Umbrella,
an open source project using DigSig (I don't know the
status).

Hope this helps !
Best regards,

Axelle.
DigSig - http://disec.sourceforge.net

___________________________________________________________________________
Nouveau : téléphonez moins cher avec Yahoo! Messenger. Appelez le monde entier à partir de 0,012 ?/minute !
Téléchargez sur http://fr.messenger.yahoo.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Follow-Ups:
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
  - From: "Ulrich Drepper" <[email protected]>
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
  - From: Chris Boot <[email protected]>
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
  - From: Arjan van de Ven <[email protected]>

References:
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
  - From: Nix <[email protected]>

Prev by Date: Re: Compiling C++ modules
Next by Date: Re: [RFC][PATCH 0/11] security: AppArmor - Overview
Previous by thread: Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
Next by thread: Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]