Date: Thu, 3 Apr 2008 13:49:41 +0200 From: Max Laier <max@love2party.net> To: freebsd-stable@freebsd.org Cc: Forrest Aldrich <forrie@forrie.com>, csjp@freebsd.org Subject: Re: Digitally Signed Binaries w/ Kernel support, etc. Message-ID: <200804031349.41159.max@love2party.net> In-Reply-To: <47F3DA07.4020209@forrie.com> References: <47F3DA07.4020209@forrie.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 02 April 2008 21:09:59 Forrest Aldrich wrote: > Does FreeBSD have support for digitally signed binary checking, similar > to what Linux has with bsign and DigSig, where system binaries are > signed and this signature is verified before being run in the kernel? There is mac_chkexec[1], but I'm not sure about its status. > This would be very useful to have to further tighen-down the system. [1]http://perforce.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/trustedbsd/mac/sys/security/mac%5fchkexec&HIDEDEL=NO -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200804031349.41159.max>