Date: Sun, 31 May 1998 14:48:18 -0700 From: Joe McGuckin <joe@via.net> To: freebsd-hackers@FreeBSD.ORG Subject: Re: Signed executables, safe delete etc. Message-ID: <199805312148.OAA25397@monk.via.net>
next in thread | raw e-mail | index | archive | help
I've thought about this in the past - specifically as it would apply to a firewall machine. If binaries could be signed with with a key, and the kernel exec routine required that a proper key be decryped before loading the program, this would eliminate someone hacking onto a firewall and using it as a platform for further mischief. Generally, they like to bring over a toolkit of snooping programs written in 'C'. Even though they could compile their nifty toolset, nothing would execute because they couldn't properly sign their binaries. Of course, the signing program would have to reside on a floppy or other removable media. I don't think it would be wise to leave it on the system. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805312148.OAA25397>