Date: Wed, 30 Aug 2006 21:01:39 +0200 From: Max Laier <max@love2party.net> To: trustedbsd-discuss@freebsd.org Subject: Re: Kernel module to deny execution of unsigned binaries? Message-ID: <200608302101.46323.max@love2party.net> In-Reply-To: <e782d7390608301128s53c02cedhb73f12a590d2798d@mail.gmail.com> References: <e782d7390608301128s53c02cedhb73f12a590d2798d@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart3949581.yMr7S2Cimt Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Wednesday 30 August 2006 20:28, 473219@googlemail.com wrote: > Is it possible in TrustedBSD to prevent the execution of binaries > whose path names + checksums are not listed in an "Approved" list? There is some code from Christian (CCed) here:=20 http://perforce.freebsd.org/depotTreeBrowser.cgi?FSPC=3D//depot/projects/tr= ustedbsd/mac/sys/security/mac%5fchkexec&HIDEDEL=3DNO AFAIR, it uses extended attributes to store a hash of the executeable that= =20 is checked upon execution. Certainly Christian has more details and a=20 status. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart3949581.yMr7S2Cimt Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQBE9eCaXyyEoT62BG0RAj/XAJ9HKW8wFzYUf0u1wnGqLbfPvxHalgCffK79 8bvWWmhN5KYLJ9+xnKQ3Cj0= =8QjV -----END PGP SIGNATURE----- --nextPart3949581.yMr7S2Cimt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200608302101.46323.max>