From owner-freebsd-stable@FreeBSD.ORG  Wed Apr  2 19:33:31 2008
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9CEB41065677
	for <freebsd-stable@freebsd.org>; Wed,  2 Apr 2008 19:33:22 +0000 (UTC)
	(envelope-from forrie@forrie.com)
Received: from forrie.com (demon.dce.harvard.edu [140.247.198.85])
	by mx1.freebsd.org (Postfix) with ESMTP id 4403E8FC19
	for <freebsd-stable@freebsd.org>; Wed,  2 Apr 2008 19:33:22 +0000 (UTC)
	(envelope-from forrie@forrie.com)
X-Envelope-From: forrie@forrie.com
X-Envelope-To: <freebsd-stable@freebsd.org>
X-Originating-IP: 140.247.198.51
Received: from dhcp-103-0-35.de-dhcp.harvard.edu (dce-gw.harvard.edu
	[140.247.198.51]) (authenticated as=forrie@forrie.com bits=0)
	by forrie.com (envelope-from forrie@forrie.com) (8.14.2/8.14.2) with
	ESMTP id m32JA0gB006636
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-stable@freebsd.org>; Wed, 2 Apr 2008 15:10:06 -0400 (EDT)
Message-ID: <47F3DA07.4020209@forrie.com>
Date: Wed, 02 Apr 2008 15:09:59 -0400
From: Forrest Aldrich <forrie@forrie.com>
User-Agent: Thunderbird 2.0.0.14pre (Macintosh/20080331)
MIME-Version: 1.0
To: freebsd-stable@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.92.1/6560/Wed Apr 2 12:54:39 2008 on mail.forrie.com
X-Virus-Status: Clean
Subject: Digitally Signed Binaries w/ Kernel support, etc.
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Apr 2008 19:33:36 -0000

Does FreeBSD have support for digitally signed binary checking, similar 
to what Linux has with bsign and DigSig, where system binaries are 
signed and this signature is verified before being run in the kernel?


This would be very useful to have to further tighen-down the system.


Thanks.