Date: Fri, 22 May 1998 11:07:33 +0200 From: Pavol Adamec <palo.adamec@tecton.sk> To: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG> Subject: Re: Virus on FreeBSD Message-ID: <01BD8571.D24221F0@PCNTWS1>
next in thread | raw e-mail | index | archive | help
Nicholas Charles Brawn wrote: >You may have a point here. Is there any way you could "sign" a module to >ensure it's authenticity? And on top of that build in an automatic >authentication system within the kernel that rejects lkm's that are not >signed? Perhaps this could be included so as to be performed at one of the >securelevels? There's something little close to what you mean. There are some research OS projects dealing with extensible (micro/nano)kernels. Many of them use some kind of LKM's, varying from SPIN with in-kernel MODULA compiler to systems based on run-time proving of the correctness of the code being loaded. I'm very sorry, that I don't remember the the name, but there is one, that does in-kernel run-time checking of the object code based on the formal description of the instructions. I've read it in an ACM's SIGOPS OSR issue somewhere in 1997 or 1996. I don't have them by the hand at the present, so that's way my answer is so uncertain. Maybe there's someone who could look for it. For those who don't know OSR, have a look at http://www.acm.org/sigops/ ------------------------------------------------------------------- Pavol Adamec AZC, a.s. Kukucinova 22, Bratislava, Slovakia tel: ++421 7 5252688 fax: ++421 7 5252679 email: palo.adamec@tecton.sk ------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01BD8571.D24221F0>