Re: [ANNOUNCE] Release Digsig 1.5: kernel module forrun-timeauthentication of binaries

[Arjan van de Ven]

On Mon, 2006-04-24 at 21:32 +0100, Nix wrote:
> On 24 Apr 2006, Arjan van de Ven announced authoritatively:
> > On Mon, 2006-04-24 at 12:27 -0400, Makan Pourzandi (QB/EMC) wrote:
> >> Hi Arjan, 
> >> 
> >> I hope I correctly understood your question, DigSig uses LSM hooks to
> >> check the digital signature before loading it, then as long as your elf
> >> loader uses kernel system calls, it's covered by DigSig. 
> > 
> > ok I have to admit that this answer worries me.
> > 
> > how can it be covered? How do you distinguish an elf loader application
> > (which just uses open + mmap after all) with... say a grep-calling perl
> > script?
> 
> It checks mmap and mprotect with PROT_EXEC, and execve().

so no jvm's or flash plugins.

and the stack can be executable if the app wants it to be as well...
so it's not all that easy as you make it sound

> will sign every ELF shared object and executable on the system.

but it won't sign the not-really-elf-but-virus-anyway files. 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/