Date:      Thu, 3 Apr 2008 04:12:27 -0700
From:      "David Schwartz" <davids@webmaster.com>
To:        "Forrest Aldrich" <forrie@forrie.com>
Cc:        freebsd-stable@freebsd.org
Subject:   RE: Digitally Signed Binaries w/ Kernel support, etc.
Message-ID:  <MDEHLPKNGKAHNMBLJOLKAEPLLJAC.davids@webmaster.com>
In-Reply-To: <20080402203859.GB80314@slackbox.xs4all.nl>


> On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote:

> > Does FreeBSD have support for digitally signed binary checking, similar to
> > what Linux has with bsign and DigSig, where system binaries are signed and
> > this signature is verified before being run in the kernel?

> If an attacker can modify binaries, he already has root privileges. In
> that case, what will stop him from creating a new pgp key and re-signing
> his doctored binaries?

The fact that there would be no signed executable that would give him that
functionality. In order to tell the kernel to accept his key, he would need
some application that did that, and such an application would not be signed.

He would face a chicken and egg problem. To make a signed executable to set
his key to be accepted, he would need his key to already be accepted.

However, I agree that this is kind of pointless. It's like adding extra
locks to the back door when the front door is just as open. Once someone
gets root, odds are they can exploit an executable -- even if it's signed --
using the same process they used to get root in the first place.

Do you have a signed 'rm' on the system? A person with root can do an awful
lot of damage with 'rm'. Without 'rm', the system isn't very useful. You can
truncate any non-immutable file with just a shell. A machine isn't very
useful without a shell.

And if the goal is to protect against people who have root (whether by
accident or malice), you really didn't want to give them root.

DS




