From: Torfinn Ingolfsen
To: freebsd-stable@freebsd.org
Date: Thu, 03 Apr 2008 17:00:50 +0200
Subject: Re: Digitally Signed Binaries w/ Kernel support, etc.
Message-id: <20080403170050.c0110778.torfinn.ingolfsen@broadpark.no>
References: <20080402203859.GB80314@slackbox.xs4all.nl>

On Thu, 03 Apr 2008 04:12:27 -0700 David Schwartz wrote:

> He would face a chicken and egg problem. To make a signed executable
> to set his key to be accepted, he would need his key to already be
> accepted.

Uhm, if the attacker managed to get a hole in the system and get in, he / she will surely manage to get the necessary tools (a signed binary) onto the system. As an added bonus, this is a binary he created himself, so it works with his key.

> However, I agree that this is kind of pointless. It's like adding
> extra locks to the back door when the front door is just as open.
> Once someone gets root, odds are they can exploit an executable --
> even if it's signed -- using the same process they used to get root
> in the first place.

Exactly. Please use the tools that are already available (securelevel in this case) before thinking up new ones that FreeBSD might or might not "need".

Just my 0.2 eurocents.

--
Regards,
Torfinn Ingolfsen