> - If binaries were signed with public key crypto, the kernel could
> keep a list of authorized keys. To run your own code, sign it
> yourself (preferably on a "secure" airgapped machine ...)
> The procesing overhead to check keys might be crippling, though,
> if done at every invocation.
Exec is fairly expensive anyway (well, exec isn't, but loading and linking
programs is). As long as the check is reasonably quick most people won't
notice it.
The challenge with this approach is securing the checksum DB. If you let
root change it then you let hackers change it. If you don't, then you
prevent yourself from upgrading tools. (There is a middle ground of
course. Combine this approach with a Securelevel or LOMAC-style approach
for example.)
> Not sure how to use this and allow remote maintenence by root.
You don't. This is a "feature". :)
LOMAC allows you to mark programs as trusted, so you could create an
SNK-type authorization program that was trusted and could do the
administration through that. (I think as soon as a spawned program got
input from the network it would get clobbered, so this is probally harder
than it sounds). Its might be a bad idea though as the more programs are
trusted the lower your security.
> Generic Software Wrappers Toolkit - NAI
> ftp://ftp.tislabs.com/pub/wrappers
> restricitive conditions at present
This is what I'm currently working on. Doesn't support Linux yet. (Er,
I'm doing the Linux support now. Kinda works depending on which days code
you have, but not complete). Very fun stuff IMHO, but very crufty
implimentation.
Doug
-- dougk@tislabs.com dkilpatr@nai.com
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/