From owner-freebsd-security  Thu Dec 24 14:56:27 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA01546
          for freebsd-security-outgoing; Thu, 24 Dec 1998 14:56:27 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from trooper.velocet.ca (host-034.canadiantire.ca [209.146.201.34])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA01538
          for <freebsd-security@FreeBSD.ORG>; Thu, 24 Dec 1998 14:56:18 -0800 (PST)
          (envelope-from dgilbert@trooper.velocet.ca)
Received: (from dgilbert@localhost)
	by trooper.velocet.ca (8.8.7/8.8.7) id RAA06040;
	Thu, 24 Dec 1998 17:55:44 -0500 (EST)
From: David Gilbert <dgilbert@velocet.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <13954.50798.838080.934663@trooper.velocet.ca>
Date: Thu, 24 Dec 1998 17:55:42 -0500 (EST)
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: Casper <casper@acc.am>,
        "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: Re: Magic
In-Reply-To: <xzppv99xlhz.fsf@flood.ping.uio.no>
References: <3682A65B.8CFB144F@acc.am>
	<xzppv99xlhz.fsf@flood.ping.uio.no>
X-Mailer: VM 6.62 under Emacs 19.34.2
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>>>>> "Dag-Erling" == Dag-Erling Smorgrav <des@flood.ping.uio.no> writes:

Dag-Erling> Search the archives - there was a thread two or three
Dag-Erling> months back about randomizing syscall numbers to make it
Dag-Erling> hard for intruders to execute foreign executables.

I've thought for some time that requiring a signature on binaries
before execution would be a cool idea.  Obviously, this would slow
execution by some factor (although binaries could be cached as already
checked), but on secure systems it would be worth it.

To go farter, you could require suid executables and executables that
run as certain users to be singed by more trusted keys.  You might put
more stringent restrictions on what root can run than other users, and
still different restrictions on what executables can change their
userid.

Dave.

-- 
============================================================================
|David Gilbert, Velocet Communications.       | Two things can only be     |
|Mail:       dgilbert@velocet.net             |  equal if and only if they |
|http://www.velocet.net/~dgilbert             |   are precisely opposite.  |
=========================================================GLO================

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message