Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 03 Apr 2008 13:46:39 +0200
From:      Ivan Voras <ivoras@freebsd.org>
To:        freebsd-stable@freebsd.org
Subject:   Re: Digitally Signed Binaries w/ Kernel support, etc.
Message-ID:  <ft2g30$7i7$2@ger.gmane.org>
In-Reply-To: <20080402203859.GB80314@slackbox.xs4all.nl>
References:  <47F3DA07.4020209@forrie.com> <20080402203859.GB80314@slackbox.xs4all.nl>
next in thread | previous in thread | raw e-mail | index | archive | help 
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigBB26BF08CA10B130C23DE644
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Roland Smith wrote:
> On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote:
>> Does FreeBSD have support for digitally signed binary checking, simila=
r to=20
>> what Linux has with bsign and DigSig, where system binaries are signed=
 and=20
>> this signature is verified before being run in the kernel?
>=20
> If an attacker can modify binaries, he already has root privileges. In
> that case, what will stop him from creating a new pgp key and re-sign
> his doctered binaries?
>=20
>> This would be very useful to have to further tighen-down the system.
>=20
> As an alternative, on FreeBSD you can set the system immutable flag on
> binaries (see chflags(1)), and set the securelevel > 0. See
> init(8). Once this is set, not even root can undo this. You have to
> reboot to reset the securelevel to -1.

Signing binaries could be naturally tied in with securelevel, where some
securelevel (1?) would mean kernel no longer accepts new keys.

> The only weakness is that the securelevel is set quite late in the boot=

> process. An attacker could compromise the system if he gets access
> before the securelevel is set.


--------------enigBB26BF08CA10B130C23DE644
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH9MOfldnAQVacBcgRAqTaAJ9ipONFQIGOYxYKpbiByRCdEyLQvwCfTCd6
BVj7lJYaNjUWDjFXmO8cuP8=
=RAbH
-----END PGP SIGNATURE-----

--------------enigBB26BF08CA10B130C23DE644--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ft2g30$7i7$2>