From owner-freebsd-stable@FreeBSD.ORG Thu Apr 3 16:41:11 2008
Date: Thu, 3 Apr 2008 18:41:08 +0200
From: Roland Smith <rsmith@xs4all.nl>
To: Ivan Voras
Cc: freebsd-stable@freebsd.org
Subject: Re: Digitally Signed Binaries w/ Kernel support, etc.
Message-ID: <20080403164108.GA12190@slackbox.xs4all.nl>
References: <47F3DA07.4020209@forrie.com> <20080402203859.GB80314@slackbox.xs4all.nl>
In-Reply-To:
Mail-Followup-To: Ivan Voras, freebsd-stable@freebsd.org
X-GPG-Fingerprint: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725
X-GPG-Key: http://www.xs4all.nl/~rsmith/pubkey.txt
X-GPG-Notice: If this message is not signed, don't assume I sent it!
User-Agent: Mutt/1.5.17 (2007-11-01)
List-Id: Production branch of FreeBSD source code
On Thu, Apr 03, 2008 at 01:46:39PM +0200, Ivan Voras wrote:
> Roland Smith wrote:
> > On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote:
> >> Does FreeBSD have support for digitally signed binary checking, similar to
> >> what Linux has with bsign and DigSig, where system binaries are signed and
> >> this signature is verified before being run in the kernel?
> >
> > If an attacker can modify binaries, he already has root privileges. In
> > that case, what will stop him from creating a new pgp key and re-signing
> > his doctored binaries?
> >
> >> This would be very useful to have to further tighten down the system.
> >
> > As an alternative, on FreeBSD you can set the system immutable flag on
> > binaries (see chflags(1)), and set the securelevel > 0. See
> > init(8). Once this is set, not even root can undo this. You have to
> > reboot to reset the securelevel to -1.
>
> Signing binaries could be naturally tied in with securelevel, where some
> securelevel (1?) would mean kernel no longer accepts new keys.

If you set the system immutable flag on the binaries, you cannot modify them
at all at securelevel >0. Signing the binaries would be pointless in that case.
Roland
-- 
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (FreeBSD)

iEYEARECAAYFAkf1CKQACgkQEnfvsMMhpyUIZwCgimdDpoEgUWY9pKy/Zzm3VWDW
ymoAnArmt7EXjRhmtXwl5qRzxvDG8kDQ
=svlB
-----END PGP SIGNATURE-----
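The hardening Roland describes (schg on the binaries plus kern.securelevel > 0), written out as a runnable audit-and-apply script. This is an added example and not code from the thread or from FreeBSD itself. The `ls -lo` sample and the paths in it are constructed for the offline demonstration; the apply step only runs on FreeBSD, as root, and assumes sysrc(8) is present (FreeBSD 9.2 and later).

```shell
#!/bin/sh
# Added example (not from the thread). Audits binaries for the
# system-immutable flag (schg) and checks whether kern.securelevel is
# high enough that root can no longer clear it. Sample ls(1) output and
# the paths in it are constructed for the demo.

# Fields of `ls -lo` on FreeBSD: mode, links, owner, group, flags, size,
# month, day, year/time, name. Flags are "-" when none are set and a
# comma-separated list otherwise (e.g. "schg,sunlnk"). Read that output
# on stdin and print the name of each entry whose flags lack schg.
# uchg (user immutable) deliberately does not count: root can clear it at
# any securelevel, whereas schg is locked once kern.securelevel > 0.
missing_schg() {
    awk '$5 !~ /(^|,)schg(,|$)/ { print $NF }'
}

# Read `sysctl kern.securelevel` output on stdin. Succeed (exit 0) only
# if the level is > 0, i.e. schg/sappnd can no longer be turned off and
# the level can only be lowered again by rebooting (init(8), security(7)).
securelevel_locked() {
    lvl=$(sed -n 's/^kern\.securelevel: *//p')
    if [ -n "$lvl" ] && [ "$lvl" -gt 0 ]; then
        return 0
    fi
    return 1
}

# FreeBSD only, run as root: set schg on the given paths, make the raised
# securelevel persistent via rc.conf(5) (sysrc(8) assumed available), and
# raise it now. Raising live is permitted; lowering needs a reboot.
harden_binaries() {
    if [ "$(uname -s)" != FreeBSD ]; then
        echo "harden_binaries: not FreeBSD, nothing done" >&2
        return 2
    fi
    chflags schg "$@" || return 1
    sysrc kern_securelevel_enable="YES" kern_securelevel="1" || return 1
    sysctl kern.securelevel=1
}

# Constructed sample of `ls -lo` output: /bin/sh has no flags and
# /sbin/init only has the user-clearable uchg, so both must be reported.
SAMPLE_LS='-r-xr-xr-x  1 root  wheel  schg        12345 Apr  3  2008 /bin/ls
-r-xr-xr-x  1 root  wheel  -           23456 Apr  3  2008 /bin/sh
-r-sr-xr-x  1 root  wheel  schg,sunlnk 34567 Apr  3  2008 /usr/bin/su
-r-xr-xr-x  1 root  wheel  uchg        45678 Apr  3  2008 /sbin/init'

if [ "$(uname -s)" = FreeBSD ]; then
    # Real audit of the base system binaries (-d: do not descend).
    echo "binaries missing schg:"
    ls -lod /bin/* /sbin/* /usr/bin/* /usr/sbin/* | missing_schg
    if sysctl kern.securelevel | securelevel_locked; then
        echo "securelevel > 0: schg cannot be cleared without a reboot"
    else
        echo "securelevel <= 0: root can still clear schg; raise it"
    fi
else
    # Offline demonstration on the constructed sample.
    echo "binaries missing schg (sample):"
    printf '%s\n' "$SAMPLE_LS" | missing_schg
    if printf 'kern.securelevel: -1\n' | securelevel_locked; then
        echo "sample securelevel is locked"
    else
        echo "sample securelevel -1: not locked"
    fi
fi
```

Two caveats from security(7) that the message leaves implicit: at securelevel 1 the kernel also refuses to load modules and to open /dev/mem, /dev/kmem and the raw devices of mounted file systems for writing, so the protection is only as good as the flags on the kernel and boot files too (set schg on /boot/kernel as well, or an attacker with root simply installs a new kernel and reboots). And because the level can only be lowered by rebooting, installing updates to schg-protected binaries means booting to single-user mode, where the securelevel is still -1.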