Date: Thu, 24 Dec 1998 17:55:42 -0500 (EST)
From: David Gilbert <dgilbert@velocet.net>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: Casper <casper@acc.am>, "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: Re: Magic
Message-ID: <13954.50798.838080.934663@trooper.velocet.ca>
In-Reply-To: <xzppv99xlhz.fsf@flood.ping.uio.no>
References: <3682A65B.8CFB144F@acc.am> <xzppv99xlhz.fsf@flood.ping.uio.no>

>>>>> "Dag-Erling" == Dag-Erling Smorgrav <des@flood.ping.uio.no> writes:

Dag-Erling> Search the archives - there was a thread two or three
Dag-Erling> months back about randomizing syscall numbers to make it
Dag-Erling> hard for intruders to execute foreign executables.

I've thought for some time that requiring a signature on binaries
before execution would be a cool idea. Obviously, this would slow
execution by some factor (although binaries could be cached as already
checked), but on secure systems it would be worth it.

To go farther, you could require suid executables and executables that
run as certain users to be signed by more trusted keys. You might put
more stringent restrictions on what root can run than other users, and
still different restrictions on what executables can change their
userid.

Dave.

--
============================================================================
|David Gilbert, Velocet Communications.       | Two things can only be     |
|Mail:       dgilbert@velocet.net             |  equal if and only if they |
|http://www.velocet.net/~dgilbert             |   are precisely opposite.  |
=========================================================GLO================
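
The scheme proposed in the message above (signature check before execution, a cache of already-checked binaries, and more trusted keys for suid or root execution), as an added user-space sketch that is not part of the original post. The key names, the two trust levels and the use of HMAC-SHA256 as a stand-in for a public-key signature are assumptions made for illustration.

```python
import hashlib, hmac, os, stat

# Constructed demo keys: key id -> (trust level, secret). HMAC-SHA256 stands in
# for a public-key signature so the sketch runs on the standard library alone.
KEYS = {"user-key": (1, b"demo-user-secret"), "admin-key": (2, b"demo-admin-secret")}
_verified = {}  # cache of checks that already passed -> trust level

def _mac(secret, data):
    return hmac.new(secret, data, hashlib.sha256).hexdigest()

def sign(path, key_id):
    """Return a detached signature (key id, MAC over the file contents)."""
    with open(path, "rb") as f:
        return key_id, _mac(KEYS[key_id][1], f.read())

def required_level(mode, run_as_uid):
    """Set-uid binaries, and anything run as root, need the more trusted key."""
    return 2 if (mode & stat.S_ISUID) or run_as_uid == 0 else 1

def may_execute(path, signature, run_as_uid):
    """True only if the file has a valid signature of sufficient trust."""
    key_id, mac = signature
    if key_id not in KEYS:
        return False
    trust, secret = KEYS[key_id]
    with open(path, "rb") as f:
        st = os.fstat(f.fileno())  # stat the opened file, not the path
        # A change in size or mtime yields a new cache key and forces a
        # re-check; a kernel implementation would invalidate on write instead.
        ident = (st.st_dev, st.st_ino, st.st_mtime_ns, st.st_size, key_id, mac)
        if ident not in _verified:
            if not hmac.compare_digest(_mac(secret, f.read()), mac):
                return False
            _verified[ident] = trust
    return _verified[ident] >= required_level(st.st_mode, run_as_uid)
```

The cache removes the repeated hashing cost the message mentions, but it is only as trustworthy as its invalidation rule, which is why the sketch keys it on file identity plus the exact signature that was checked.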