Date: Thu, 03 Apr 2008 13:46:39 +0200 From: Ivan Voras <ivoras@freebsd.org> To: freebsd-stable@freebsd.org Subject: Re: Digitally Signed Binaries w/ Kernel support, etc. Message-ID: <ft2g30$7i7$2@ger.gmane.org> In-Reply-To: <20080402203859.GB80314@slackbox.xs4all.nl> References: <47F3DA07.4020209@forrie.com> <20080402203859.GB80314@slackbox.xs4all.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Roland Smith wrote: > On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote: >> Does FreeBSD have support for digitally signed binary checking, similar to >> what Linux has with bsign and DigSig, where system binaries are signed and >> this signature is verified before being run in the kernel? > > If an attacker can modify binaries, he already has root privileges. In > that case, what will stop him from creating a new pgp key and re-sign > his doctered binaries? > >> This would be very useful to have to further tighen-down the system. > > As an alternative, on FreeBSD you can set the system immutable flag on > binaries (see chflags(1)), and set the securelevel > 0. See > init(8). Once this is set, not even root can undo this. You have to > reboot to reset the securelevel to -1. Signing binaries could be naturally tied in with securelevel, where some securelevel (1?) would mean kernel no longer accepts new keys. > The only weakness is that the securelevel is set quite late in the boot > process. An attacker could compromise the system if he gets access > before the securelevel is set. [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH9MOfldnAQVacBcgRAqTaAJ9ipONFQIGOYxYKpbiByRCdEyLQvwCfTCd6 BVj7lJYaNjUWDjFXmO8cuP8= =RAbH -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ft2g30$7i7$2>