Date:      Thu, 3 Apr 2008 18:41:08 +0200
From:      Roland Smith <rsmith@xs4all.nl>
To:        Ivan Voras <ivoras@freebsd.org>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Digitally Signed Binaries w/ Kernel support, etc.
Message-ID:  <20080403164108.GA12190@slackbox.xs4all.nl>
In-Reply-To: <ft2g30$7i7$2@ger.gmane.org>
References:  <47F3DA07.4020209@forrie.com> <20080402203859.GB80314@slackbox.xs4all.nl> <ft2g30$7i7$2@ger.gmane.org>


On Thu, Apr 03, 2008 at 01:46:39PM +0200, Ivan Voras wrote:
> Roland Smith wrote:
> > On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote:
> >> Does FreeBSD have support for digitally signed binary checking, similar to
> >> what Linux has with bsign and DigSig, where system binaries are signed and
> >> this signature is verified before being run in the kernel?
> >
> > If an attacker can modify binaries, he already has root privileges. In
> > that case, what will stop him from creating a new pgp key and re-sign
> > his doctored binaries?
> >
> >> This would be very useful to have to further tighten down the system.
> >
> > As an alternative, on FreeBSD you can set the system immutable flag on
> > binaries (see chflags(1)), and set the securelevel > 0. See
> > init(8). Once this is set, not even root can undo this. You have to
> > reboot to reset the securelevel to -1.
>
> Signing binaries could be naturally tied in with securelevel, where some
> securelevel (1?) would mean kernel no longer accepts new keys.

If you set the system immutable flag on the binaries, you cannot modify them at
all at securelevel >0. Signing the binaries would be pointless in that case.

Roland
-- 
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
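The check a defender would want after reading the exchange above, as an added example that is not part of the original thread: it audits a listing of binaries for the schg (system immutable) flag that Roland recommends and reports whether the running securelevel actually makes that flag unremovable. It assumes FreeBSD `ls -lo` output (file flags in the fifth column, "-" when none are set, comma-separated otherwise) and `sysctl -n kern.securelevel`; the listing fed to it below is constructed so the script runs offline.

```sh
#!/bin/sh
# Added example (not from the original thread): audit binaries for the
# system immutable flag and check that securelevel > 0 enforces it.
#
# Assumptions: FreeBSD `ls -lo` output, where the file flags appear as the
# fifth column ("-" when none are set, comma-separated otherwise), and
# `sysctl -n kern.securelevel` for the current securelevel.

# has_schg LINE: succeed if one line of `ls -lo` output shows the schg flag.
has_schg() {
    flags=$(printf '%s\n' "$1" | awk '{print $5}')
    case ",$flags," in
        *,schg,*) return 0 ;;
        *)        return 1 ;;
    esac
}

# missing_schg: read `ls -lo` lines on stdin and print the path of every
# entry that lacks schg, one per line (paths containing spaces are not handled).
missing_schg() {
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        if ! has_schg "$line"; then
            printf '%s\n' "$line" | awk '{print $NF}'
        fi
    done
}

# securelevel_enforcing LEVEL: succeed only if LEVEL > 0, i.e. root can no
# longer clear schg; resetting to -1 requires a reboot (see init(8)).
securelevel_enforcing() {
    [ "$1" -gt 0 ]
}

# Constructed sample of `ls -lo` output so the script runs without FreeBSD.
sample='-r-xr-xr-x  1 root  wheel  schg  123 Apr  3 2008 /bin/sh
-r-xr-xr-x  1 root  wheel  -  456 Apr  3 2008 /usr/local/bin/foo
-r-xr-xr-x  1 root  wheel  schg,sunlnk  789 Apr  3 2008 /sbin/init'

echo "Binaries without schg in the sample listing:"
printf '%s\n' "$sample" | missing_schg

# On a live FreeBSD host, feed real output instead of the sample:
#   ls -lo /bin/* /sbin/* | missing_schg
#   securelevel_enforcing "$(sysctl -n kern.securelevel)" || echo "securelevel <= 0: schg can still be cleared"
```

The two checks belong together: a binary with schg set is only protected while kern.securelevel is above 0, so an audit that reports flags without also reporting the securelevel gives a false sense of security.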
