Date:      Thu, 10 Apr 2008 07:13:35 -0700
From:      "Peter Wemm" <peter@wemm.org>
To:        "Ivan Voras" <ivoras@freebsd.org>, freebsd-stable@freebsd.org
Subject:   Re: Digitally Signed Binaries w/ Kernel support, etc.
Message-ID:  <e7db6d980804100713o4eec1a89s5ec755b5066e4082@mail.gmail.com>
In-Reply-To: <20080404165541.GA675@slackbox.xs4all.nl>
References:  <47F3DA07.4020209@forrie.com> <20080402203859.GB80314@slackbox.xs4all.nl> <ft2g30$7i7$2@ger.gmane.org> <20080403164108.GA12190@slackbox.xs4all.nl> <ft4qk0$ub9$2@ger.gmane.org> <20080404165541.GA675@slackbox.xs4all.nl>

On Fri, Apr 4, 2008 at 9:55 AM, Roland Smith <rsmith@xs4all.nl> wrote:
> On Fri, Apr 04, 2008 at 10:58:40AM +0200, Ivan Voras wrote:
>  > >> Signing binaries could be naturally tied in with securelevel, where some
>  > >> securelevel (1?) would mean kernel no longer accepts new keys.
>  > >
>  > > If you set the system immutable flag on the binaries, you cannot modify them at
>  > > all at securelevel >0. Signing the binaries would be pointless in that case.
>  >
>  > I think these are separate things. Modifying binaries is separate from
>  > introducing new binaries. SCHG would prevent the former, but not the latter.
>
>  If you set the SCHG flag on the directories in $PATH, you can't put
>  anything new there as well.

There's nothing magical about $PATH.  A person could put a malicious
binary in /tmp or $HOME and run it with /tmp/crashme or whatever.
Sure, you could set SCHG on every single writeable directory on the
system to prevent any files being created.  MNT_NOEXEC might be an
option.  The existence of script languages or even scriptable binaries
does diminish the strength of a lockdown, but it depends on what
you're trying to achieve.  eg: If you're trying to prevent your users
from downloading a self-built irc client or bot and running it, then
yes, requiring signed binaries would be useful.

In any case, there are legitimate uses for signed binaries.  But I'm
not volunteering to do it.

-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com
"All of this is for nothing if we don't go to the stars" - JMS/B5
"If Java had true garbage collection, most programs would delete
themselves upon execution." -- Robert Sewell
**WANTED TO BUY: Garmin Streetpilot 2650 or 2660. Not later model! **
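As an added example (not part of Peter Wemm's message or anything else in this thread), the following POSIX sh script makes the two points above concrete: any directory a user can still write to is a drop point for an unsigned binary regardless of what SCHG does for the $PATH directories, and blocking execve(2) does not stop an interpreter from reading and running the same file. The script stands in for MNT_NOEXEC with a file that has no exec bit; that substitution is an assumption for portability, since both mechanisms only gate execve(2), not open(2)/read(2) by an interpreter. The function names, the scratch file name `crashme` and the probe file name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Two checks that make the point above
# concrete: (1) any directory a user can write to is a drop point for an
# unsigned binary, no matter what SCHG does for $PATH; (2) blocking execve
# (here: a file with no exec bit, standing in for MNT_NOEXEC; an assumption
# for portability, not what the thread tested) does not stop an interpreter
# from reading and running the same file.

# writable_dirs DIR...: print each DIR in which the caller can create a file.
# On FreeBSD a directory with 'chflags schg' set would fail this probe once
# kern.securelevel > 0; /tmp and $HOME normally pass it.
writable_dirs() {
    for d in "$@"; do
        probe="$d/.probe.$$"
        # subshell so a failed redirection cannot abort the caller
        if ( : > "$probe" ) 2>/dev/null; then
            rm -f "$probe"
            printf '%s\n' "$d"
        fi
    done
}

# demo_interpreter_bypass: drop a script into a scratch dir, strip its exec
# bit, then try running it directly and via 'sh'. Prints
# "direct=<ok|fail> interp=<ok|fail>"; the expected line is
# "direct=fail interp=ok".
demo_interpreter_bypass() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho payload-ran\n' > "$dir/crashme"
    chmod 0644 "$dir/crashme"      # readable, not executable

    # execve(2) path: refused because no exec bit (same effect as a noexec mount)
    if "$dir/crashme" >/dev/null 2>&1; then direct=ok; else direct=fail; fi
    # interpreter path: sh merely opens and reads the file, so the payload runs
    if out=$(sh "$dir/crashme" 2>/dev/null) && [ "$out" = payload-ran ]; then
        interp=ok
    else
        interp=fail
    fi

    rm -rf "$dir"
    printf 'direct=%s interp=%s\n' "$direct" "$interp"
}

# usage: writable_dirs /tmp "$HOME" /usr/bin; demo_interpreter_bypass
```

Run `writable_dirs` over every directory a user can reach, not just $PATH; each line it prints is somewhere an unsigned file can land, which is the gap a signed-binary requirement (or noexec plus an interpreter ban) would have to close. `demo_interpreter_bypass` shows why noexec alone is weak: the same file that execve(2) refuses runs fine once `sh` is asked to read it.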



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e7db6d980804100713o4eec1a89s5ec755b5066e4082>