Date: Fri, 04 Apr 2008 10:58:40 +0200 From: Ivan Voras <ivoras@freebsd.org> To: freebsd-stable@freebsd.org Subject: Re: Digitally Signed Binaries w/ Kernel support, etc. Message-ID: <ft4qk0$ub9$2@ger.gmane.org> In-Reply-To: <20080403164108.GA12190@slackbox.xs4all.nl> References: <47F3DA07.4020209@forrie.com> <20080402203859.GB80314@slackbox.xs4all.nl> <ft2g30$7i7$2@ger.gmane.org> <20080403164108.GA12190@slackbox.xs4all.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig138D3908615125147D536978 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Roland Smith wrote: > On Thu, Apr 03, 2008 at 01:46:39PM +0200, Ivan Voras wrote: >> Roland Smith wrote: >>> On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote: >>>> Does FreeBSD have support for digitally signed binary checking, simi= lar to=20 >>>> what Linux has with bsign and DigSig, where system binaries are sign= ed and=20 >>>> this signature is verified before being run in the kernel? >>> If an attacker can modify binaries, he already has root privileges. I= n >>> that case, what will stop him from creating a new pgp key and re-sign= >>> his doctered binaries? >>> >>>> This would be very useful to have to further tighen-down the system.= >>> As an alternative, on FreeBSD you can set the system immutable flag o= n >>> binaries (see chflags(1)), and set the securelevel > 0. See >>> init(8). Once this is set, not even root can undo this. You have to >>> reboot to reset the securelevel to -1. >> Signing binaries could be naturally tied in with securelevel, where so= me >> securelevel (1?) would mean kernel no longer accepts new keys. >=20 > If you set the system immutable flag on the binaries, you cannot modify= them at > all at securelevel >0. Signing the binaries would be pointless in that = case. I think these are separate things. Modifying binaries is separate from introducing new binaries. SCHG would prevent the former, but not the latt= er. Of course, with the popularity of various scripting languages it's not as useful as it could be on the first thought. --------------enig138D3908615125147D536978 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH9e3AldnAQVacBcgRAgfYAJ4zRZ5H8WK8ut8GtFiUvARK3TrGLACg/DjF YARgCw1RET5gHt69kSywPpg= =OoQ8 -----END PGP SIGNATURE----- --------------enig138D3908615125147D536978--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ft4qk0$ub9$2>