On Tue, 2006-04-25 at 18:11 +0200, Axelle Apvrille wrote:
> Hi all,
>
> Just my few cents on signed binaries and DigSig. It's
> kind of a very partial reply to several parts of
> various emails (Arjan, Ulrich, Nix ...), sorry for
> that ;-)
>
> 1- "does this also prevent people writing their own
> elf loader in a bit of perl and just mmap the code"
>
> I'm not sure to exactly understand what you mean:
>
> - if you mean writing an application able to read &
> 'interpret' an ELF executable: again, I think DigSig
> will prevent this, because when you mmap the code,
> this calls (at kernel level) do_mmap which triggers an
> LSM hook called file_mmap. And we implement checks in
> that hook...
this is not correct, you don't need mmap you can do a read just fine as
well.
> - finally, note you also have choice not to sign this
> elf loader of yours. If it isn't signed, it won't ever
> run ;-)
so you didn't sign perl ? or bash ?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]