From owner-freebsd-security Sun Jun 20 0:17:59 1999
Delivered-To: freebsd-security@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (Postfix) with ESMTP id 7C1B114A12 for ; Sun, 20 Jun 1999 00:17:48 -0700 (PDT) (envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id JAA12391; Sun, 20 Jun 1999 09:16:47 +0200 (CEST) (envelope-from phk@critter.freebsd.dk)
To: Nicholas Brawn
Cc: "Brian W. Buchanan", Darren Reed, freebsd-security@FreeBSD.ORG
Subject: Re: proposed secure-level 4 patch
In-reply-to: Your message of "Sun, 20 Jun 1999 17:13:27 +1000."
Date: Sun, 20 Jun 1999 09:16:46 +0200
Message-ID: <12389.929863006@critter.freebsd.dk>
From: Poul-Henning Kamp
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message , Nicholas Brawn writes:
>On Sat, 19 Jun 1999, Brian W. Buchanan wrote:
>
>> Anyway, this all boils down to a matter of choice. If you value being
>> able to restart daemons without rebooting, then don't use this level of
>> protection.
>
>Here's an idea I'll toss into the ring. What about runtime integrity
>checks. If there were some way of guaranteeing that a program being
>executed has the correct checksum prior to processing execve()?
>
>I'm not advocating this line of approach, but it may be one option to
>consider.

I actually thought of that at one point: You load a bunch of approved
md5 sums into the kernel, set a flag and then only binaries which are
on the list can be executed.

Trouble is that shared libs need to be checked too and they're
handled in userland. Of course static binaries could be made mandatory.

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!
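
Added example, not part of the original message and not FreeBSD code: a userland Python model of the list-and-flag scheme described above, showing why shared libraries have to be covered too. The class and function names and the file contents are constructed for illustration, the caller supplies the library list, and SHA-256 stands in for the MD5 sums the message mentions.

```python
import hashlib
import os
import tempfile

def digest(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class ExecPolicy:
    """Userland model of the proposed in-kernel list (hypothetical names)."""

    def __init__(self):
        self.approved = set()
        self.sealed = False  # the "flag": once set, the list is frozen and enforced

    def approve(self, path):
        if self.sealed:
            raise PermissionError("list is frozen")
        self.approved.add(digest(path))

    def may_exec(self, binary, libs=(), check_libs=False):
        """libs: shared objects the binary would load (supplied by the caller here)."""
        if not self.sealed:
            return True
        files = [binary] + (list(libs) if check_libs else [])
        return all(digest(p) in self.approved for p in files)

def demo():
    """Constructed files: one 'binary' and one 'shared library' that later changes."""
    with tempfile.TemporaryDirectory() as d:
        binary, lib = os.path.join(d, "daemon"), os.path.join(d, "libfoo.so")
        for path, data in ((binary, b"constructed binary"), (lib, b"constructed lib v1")):
            with open(path, "wb") as f:
                f.write(data)
        policy = ExecPolicy()
        policy.approve(binary)
        policy.approve(lib)
        policy.sealed = True
        with open(lib, "wb") as f:  # library content changes after sealing
            f.write(b"constructed lib v2")
        binary_only = policy.may_exec(binary, [lib])                 # library not examined
        with_libs = policy.may_exec(binary, [lib], check_libs=True)  # library examined
        return binary_only, with_libs
```

A check made only on the executable still passes after the library has changed; extending the check to the libraries (or requiring static binaries, as the message suggests) closes that gap.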