From owner-freebsd-security  Sun Jun 20  0:40:32 1999
Delivered-To: freebsd-security@freebsd.org
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.76.24])
	by hub.freebsd.org (Postfix) with ESMTP id B02B214E7B
	for <freebsd-security@FreeBSD.ORG>; Sun, 20 Jun 1999 00:40:28 -0700 (PDT)
	(envelope-from avalon@cheops.anu.edu.au)
Received: (from avalon@localhost)
	by cheops.anu.edu.au (8.9.1/8.9.1) id RAA06817;
	Sun, 20 Jun 1999 17:35:34 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-Id: <199906200735.RAA06817@cheops.anu.edu.au>
Subject: Re: proposed secure-level 4 patch
To: phk@critter.freebsd.dk (Poul-Henning Kamp)
Date: Sun, 20 Jun 1999 17:35:33 +1000 (EST)
Cc: ncb@zip.com.au, brian@CSUA.Berkeley.EDU,
	avalon@coombs.anu.edu.au, freebsd-security@FreeBSD.ORG
In-Reply-To: <12389.929863006@critter.freebsd.dk> from "Poul-Henning Kamp" at Jun 20, 99 09:16:46 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Poul-Henning Kamp, sie said:
> 
> In message <Pine.LNX.4.05.9906201710460.17277-100000@zipper.zip.com.au>, Nichol
> as Brawn writes:
> >On Sat, 19 Jun 1999, Brian W. Buchanan wrote:
> >
> >> Anyway, this all boils down to a matter of choice.  If you value being
> >> able to restart daemons without rebooting, then don't use this level of
> >> protection.
> >
> >Here's an idea i'll toss into the ring. What about runtime integrity
> >checks. If there were some way of guaranteeing that a program being
> >executed has the correct checksum prior to processing execve()?
> >
> >I'm not advocating this line of approach, but it may be one option to
> >consider. 
> 
> I actually thought of that at one point:  You load a bunch of approved
> md5 sums into the kernel, set a flag and then only binaries which 
> are on the list can be executed.  Trouble is that shared libs needs
> to be checked too and they're handled in userland.  Of cource static
> binaries could be made mandatory.

Sounds just like what's under development for NetBSD right now.  Maybe
you should wait until it's complete there and then import it ?

Darren


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message