Date:      Sun, 20 Jun 1999 17:35:33 +1000 (EST)
From:      Darren Reed <avalon@coombs.anu.edu.au>
To:        phk@critter.freebsd.dk (Poul-Henning Kamp)
Cc:        ncb@zip.com.au, brian@CSUA.Berkeley.EDU, avalon@coombs.anu.edu.au, freebsd-security@FreeBSD.ORG
Subject:   Re: proposed secure-level 4 patch
Message-ID:  <199906200735.RAA06817@cheops.anu.edu.au>
In-Reply-To: <12389.929863006@critter.freebsd.dk> from "Poul-Henning Kamp" at Jun 20, 99 09:16:46 am

In some mail from Poul-Henning Kamp, sie said:
> 
> In message <Pine.LNX.4.05.9906201710460.17277-100000@zipper.zip.com.au>, Nicholas Brawn writes:
> >On Sat, 19 Jun 1999, Brian W. Buchanan wrote:
> >
> >> Anyway, this all boils down to a matter of choice.  If you value being
> >> able to restart daemons without rebooting, then don't use this level of
> >> protection.
> >
> >Here's an idea I'll toss into the ring. What about runtime integrity
> >checks? If there were some way of guaranteeing that a program being
> >executed has the correct checksum prior to processing execve()?
> >
> >I'm not advocating this line of approach, but it may be one option to
> >consider. 
> 
> I actually thought of that at one point:  You load a bunch of approved
> md5 sums into the kernel, set a flag and then only binaries which 
> are on the list can be executed.  Trouble is that shared libs need
> to be checked too and they're handled in userland.  Of course static
> binaries could be made mandatory.

Sounds just like what's under development for NetBSD right now.  Maybe
you should wait until it's complete there and then import it?

Darren
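
The scheme described in the quoted text above, as an added example that is not part of the original message and is not FreeBSD or NetBSD code: a userland Python sketch of an approved-digest check before exec, including the shared-library gap the thread points out. SHA-256 stands in for the md5 sums mentioned in the thread; `exec_decision`, `is_dynamic_elf`, `make_elf` and the sample ELF images are hypothetical and constructed for illustration.

```python
import hashlib
import struct

PT_LOAD, PT_INTERP = 1, 3  # PT_INTERP names the runtime linker: the binary is dynamic

def is_dynamic_elf(image: bytes) -> bool:
    """True if a 64-bit little-endian ELF image has a PT_INTERP program header."""
    if len(image) < 64 or image[:4] != b"\x7fELF" or image[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF image")
    (e_phoff,) = struct.unpack_from("<Q", image, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 0x36)
    return any(
        struct.unpack_from("<I", image, e_phoff + i * e_phentsize)[0] == PT_INTERP
        for i in range(e_phnum)
    )

def exec_decision(image: bytes, approved: set, require_static: bool = True) -> str:
    """Hypothetical policy check: digest allowlist first, then the shared-lib gap."""
    if hashlib.sha256(image).hexdigest() not in approved:
        return "deny: digest not on approved list"
    try:
        dynamic = is_dynamic_elf(image)
    except (ValueError, struct.error):
        return "deny: approved digest but unparseable image"
    if not dynamic:
        return "allow: static binary, fully covered by its digest"
    if require_static:
        return "deny: dynamic binary, shared libs would load unchecked"
    return "allow: binary verified, shared libs NOT verified"

def make_elf(p_types) -> bytes:
    """Constructed sample input: ELF64 header followed by bare program headers."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 2, 62, 1,
                       0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<I52x", t) for t in p_types)

STATIC = make_elf([PT_LOAD])
DYNAMIC = make_elf([PT_LOAD, PT_INTERP])
APPROVED = {hashlib.sha256(b).hexdigest() for b in (STATIC, DYNAMIC)}

if __name__ == "__main__":
    for name, img in (("static", STATIC), ("dynamic", DYNAMIC),
                      ("tampered", STATIC + b"\x90")):
        print(name, "->", exec_decision(img, APPROVED))
```

With `require_static=False` the dynamic image is allowed, but the returned string records that only the main binary was verified, which is the gap raised in the quoted text.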

