RE: [ANNOUNCE] Release Digsig 1.5: kernel module for run-time authentication of binaries

From: Makan Pourzandi (QB/EMC)
Date: Mon Apr 24 2006 - 13:30:05 EST




> -----Original Message-----
> From: Arjan van de Ven [mailto:arjan@xxxxxxxxxxxxx]
> Sent: April 24, 2006 12:48 PM
> To: Makan Pourzandi (QB/EMC)
> Cc: linux-kernel@xxxxxxxxxxxxxxx;
> linux-security-module@xxxxxxxxxxxxxxx; Serue Hallyen; Axelle
> Apvrille; disec-devel@xxxxxxxxxxxxxxxxxxxxx
> Subject: RE: [ANNOUNCE] Release Digsig 1.5: kernel module
> for run-time authentication of binaries

> ok I have to admit that this answer worries me.
>
> how can it be covered? How do you distinguish an elf loader
> application (which just uses open + mmap after all) with...
> say a grep-calling perl script?
>
> As long as you allow apps to mmap (or even just read() a file
> into memory).... they can start acting like an elf loader if
> they chose to do so. And.. remember it's not the files WITH
> signature you're protecting against (which you could check)
> but the ones WITHOUT. And there are many of those; and you

Ok, I believe that now I see your point. You're right: to simplify, if
your application reads an ELF file and begins to interpret that, Digsig
does not cover that case. For me, what you mention here rather concerns
the behavior of the application, which is not what we intend to
implement here. Digsig functionality is limited to checking the validity
of the signature of your binary when Linux loads it. And, IMO, it should
be used with other security mechanisms and not alone. I believe, though,
this simple functionality can do much to avoid executing viruses or
other malware on your system.

Regards
Makan


> can't sign ALL files I think, not without going through
> really great hoops anyway.