Date: Fri, 4 Apr 2008 18:55:41 +0200 From: Roland Smith <rsmith@xs4all.nl> To: Ivan Voras <ivoras@freebsd.org> Cc: freebsd-stable@freebsd.org Subject: Re: Digitally Signed Binaries w/ Kernel support, etc. Message-ID: <20080404165541.GA675@slackbox.xs4all.nl> In-Reply-To: <ft4qk0$ub9$2@ger.gmane.org> References: <47F3DA07.4020209@forrie.com> <20080402203859.GB80314@slackbox.xs4all.nl> <ft2g30$7i7$2@ger.gmane.org> <20080403164108.GA12190@slackbox.xs4all.nl> <ft4qk0$ub9$2@ger.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--yrj/dFKFPuw6o+aM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Apr 04, 2008 at 10:58:40AM +0200, Ivan Voras wrote: > >> Signing binaries could be naturally tied in with securelevel, where so= me > >> securelevel (1?) would mean kernel no longer accepts new keys. > >=20 > > If you set the system immutable flag on the binaries, you cannot modify= them at > > all at securelevel >0. Signing the binaries would be pointless in that = case. >=20 > I think these are separate things. Modifying binaries is separate from > introducing new binaries. SCHG would prevent the former, but not the latt= er. If you set the SCHG flag on the directories in $PATH, you can't put anything new there as well. > Of course, with the popularity of various scripting languages it's not > as useful as it could be on the first thought. If an intruder want to do real damage with a script, he pretty much has to = be root. In which case you're already fscked. Or the script must contain a viable local root exploit, which amounts to the same thing. As usual, there is a balance between security and usability. Where that balance lies depends on the situation. Roland --=20 R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) --yrj/dFKFPuw6o+aM Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.8 (FreeBSD) iEYEARECAAYFAkf2XY0ACgkQEnfvsMMhpyWjBgCgoMQMR+Np01KYLsU3SX+AuEgC Sq8AoI5dLg7xkJB1t8yKW1eMkGzjHGSl =9BP7 -----END PGP SIGNATURE----- --yrj/dFKFPuw6o+aM--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080404165541.GA675>