From owner-freebsd-hackers Sun May 31 14:49:06 1998
Return-Path:
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA27589
          for freebsd-hackers-outgoing; Sun, 31 May 1998 14:49:06 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from monk.via.net (monk.via.net [209.81.9.10])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id OAA27580
          for ; Sun, 31 May 1998 14:48:57 -0700 (PDT)
          (envelope-from joe@via.net)
Received: (from joe@localhost)
          by monk.via.net (8.6.11/8.6.12) id OAA25397
          for freebsd-hackers@FreeBSD.ORG; Sun, 31 May 1998 14:48:18 -0700
Date: Sun, 31 May 1998 14:48:18 -0700
From: Joe McGuckin
Message-Id: <199805312148.OAA25397@monk.via.net>
To: freebsd-hackers@FreeBSD.ORG
Subject: Re: Signed executables, safe delete etc.
X-Sun-Charset: US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I've thought about this in the past - specifically as it would apply to a
firewall machine.

If binaries could be signed with a key, and the kernel exec routine
required that a proper key be decrypted before loading the program, this
would eliminate someone hacking onto a firewall and using it as a platform
for further mischief.

Generally, they like to bring over a toolkit of snooping programs written
in 'C'. Even though they could compile their nifty toolset, nothing would
execute because they couldn't properly sign their binaries.

Of course, the signing program would have to reside on a floppy or other
removable media. I don't think it would be wise to leave it on the system.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
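
The check described in the message above, as an added example that is not part of the original post: the host holds only a verification key, the signing key stays off the machine, and an image whose detached RSA signature (PKCS#1 v1.5, SHA-256) does not verify is refused before exec. The function names, the standard-library-only RSA, and `gated_exec` as a user-space stand-in for the kernel exec routine are assumptions of this example.

```python
import hashlib, os, pathlib, secrets

# DER DigestInfo prefix for SHA-256 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _is_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test; n must be odd and > 3."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and all(pow(x, 2 ** i, n) != n - 1 for i in range(1, r)):
            return False
    return True

def make_keypair(bits=2048):
    """Return (verify_key, signing_key); only verify_key belongs on the host."""
    primes = []
    while len(primes) < 2:
        p = secrets.randbits(bits // 2) | (3 << (bits // 2 - 2)) | 1  # full size, odd
        if p % 65537 != 1 and p not in primes and _is_prime(p):  # e stays invertible
            primes.append(p)
    n, phi = primes[0] * primes[1], (primes[0] - 1) * (primes[1] - 1)
    return (n, 65537), (n, pow(65537, -1, phi))

def _encode(image, n):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(image), as an integer below n."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    k = (n.bit_length() + 7) // 8
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def sign(image, signing_key):  # run off-host, where the signing key lives
    n, d = signing_key
    return pow(_encode(image, n), d, n)

def verify(image, sig, verify_key):
    n, e = verify_key
    # Re-encode and compare whole values instead of parsing the padding.
    return 0 <= sig < n and pow(sig, e, n) == _encode(image, n)

def gated_exec(path, argv, sig, verify_key):
    """Assumed user-space stand-in for the exec-time check; replaces this process."""
    image = pathlib.Path(path).read_bytes()
    if not verify(image, sig, verify_key):
        raise PermissionError(f"{path}: bad signature, refusing to exec")
    # A kernel would check the image it maps; re-opening by path here leaves a race.
    os.execv(path, argv)
```

Because verification needs only the public half, an intruder who compiles tools on the host, or signs them with a key of their own, still fails the check.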