From owner-freebsd-questions@FreeBSD.ORG Tue Apr 1 17:58:18 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6D14310656EE for ; Tue, 1 Apr 2008 17:58:18 +0000 (UTC) (envelope-from faldrich@dce.harvard.edu) Received: from forrie.com (demon.dce.harvard.edu [140.247.198.85]) by mx1.freebsd.org (Postfix) with ESMTP id 509158FC16 for ; Tue, 1 Apr 2008 17:58:13 +0000 (UTC) (envelope-from faldrich@dce.harvard.edu) X-Envelope-From: faldrich@dce.harvard.edu X-Envelope-To: X-Originating-IP: 140.247.198.51 Received: from dhcp-103-0-35.de-dhcp.harvard.edu (dce-gw.harvard.edu [140.247.198.51]) (authenticated as=forrie@forrie.com bits=0) by forrie.com (envelope-from faldrich@dce.harvard.edu) (8.14.2/8.14.2) with ESMTP id m31HjKKI066746 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 1 Apr 2008 13:45:26 -0400 (EDT) Message-ID: <47F274AF.6050303@dce.harvard.edu> Date: Tue, 01 Apr 2008 13:45:19 -0400 From: Forrest Aldrich User-Agent: Thunderbird 2.0.0.14pre (Macintosh/20080331) MIME-Version: 1.0 To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.92.1/6529/Tue Apr 1 12:25:48 2008 on mail.forrie.com X-Virus-Status: Clean Subject: Signed binary support in the kernel X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Apr 2008 17:58:20 -0000 Does FreeBSD support signed binaries - similar to what other (Linux, that I've seen) systems can do where the kernel will refuse to run the binary unless it's passes a digital signature test. I'm curious about how this works, if (and how) it could be implemented to help lock down a given system. Thanks.