Date: Sun, 20 Jun 1999 09:16:46 +0200
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
To: Nicholas Brawn <ncb@zip.com.au>
Cc: "Brian W. Buchanan" <brian@CSUA.Berkeley.EDU>, Darren Reed <avalon@coombs.anu.edu.au>, freebsd-security@FreeBSD.ORG
Subject: Re: proposed secure-level 4 patch
Message-ID: <12389.929863006@critter.freebsd.dk>
In-Reply-To: Your message of "Sun, 20 Jun 1999 17:13:27 +1000." <Pine.LNX.4.05.9906201710460.17277-100000@zipper.zip.com.au>

In message <Pine.LNX.4.05.9906201710460.17277-100000@zipper.zip.com.au>, Nicholas Brawn writes:
>On Sat, 19 Jun 1999, Brian W. Buchanan wrote:
>
>> Anyway, this all boils down to a matter of choice.  If you value being
>> able to restart daemons without rebooting, then don't use this level of
>> protection.
>
>Here's an idea I'll toss into the ring.  What about runtime integrity
>checks.  If there were some way of guaranteeing that a program being
>executed has the correct checksum prior to processing execve()?
>
>I'm not advocating this line of approach, but it may be one option to
>consider.

I actually thought of that at one point: You load a bunch of approved
md5 sums into the kernel, set a flag and then only binaries which are
on the list can be executed.

Trouble is that shared libs need to be checked too and they're
handled in userland.

Of course static binaries could be made mandatory.

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!
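
The check discussed in this message, as an added userland sketch in Python (not code from the thread or from FreeBSD): an image must be on an approved MD5 list and must not carry a PT_INTERP segment, since that segment hands library loading to a userland loader the list does not cover. The function names and the two ELF images are constructed for illustration.

```python
import hashlib
import struct

PT_INTERP = 3  # program header type that names the userland dynamic loader

def build_elf64(dynamic):
    """Constructed sample: minimal little-endian ELF64 header plus one program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    # e_type=2 (EXEC), e_machine=62, e_phoff=64, e_ehsize=64, e_phentsize=56, e_phnum=1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    p_type = PT_INTERP if dynamic else 1  # 1 = PT_LOAD
    return ehdr + struct.pack("<IIQQQQQQ", p_type, 4, 0, 0, 0, 0, 0, 0)

def needs_userland_loader(image):
    """True if the ELF64 image has a PT_INTERP segment (dynamically linked)."""
    if len(image) < 64 or image[:4] != b"\x7fELF" or image[4] != 2 or image[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", image, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 54)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(image):
            raise ValueError("truncated program header table")
        if struct.unpack_from("<I", image, off)[0] == PT_INTERP:
            return True
    return False

def exec_decision(image, approved):
    """Hypothetical policy: approved digest AND static linking, else deny."""
    if hashlib.md5(image).hexdigest() not in approved:
        return "deny: not on approved list"
    try:
        if needs_userland_loader(image):
            # The digest covers this file only, not the libraries loaded later.
            return "deny: dynamically linked"
    except ValueError:
        return "deny: unparseable image"
    return "allow"

STATIC = build_elf64(dynamic=False)
DYNAMIC = build_elf64(dynamic=True)
# Both images are on the list, so only the static-only rule separates them.
APPROVED = {hashlib.md5(STATIC).hexdigest(), hashlib.md5(DYNAMIC).hexdigest()}

if __name__ == "__main__":
    for name, img in (("static", STATIC), ("dynamic", DYNAMIC),
                      ("modified", STATIC + b"\x00")):
        print(name, "->", exec_decision(img, APPROVED))
```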