Date:      Sun, 31 May 1998 09:34:54 +0000 (GMT)
From:      Terry Lambert <tlambert@primenet.com>
To:        abial@nask.pl (Andrzej Bialecki)
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: Signed executables, safe delete etc.
Message-ID:  <199805310934.CAA19826@usr04.primenet.com>
In-Reply-To: <Pine.NEB.3.95.980530015011.17272D-100000@korin.warman.org.pl> from "Andrzej Bialecki" at May 30, 98 02:15:42 am

> You can wonder what all this is for: it helps to ensure that no element of
> the system has been changed without you knowing it. It could be performed
> during startup of the system, and/or just before executing each binary (as
> far as I understand it, ELF allows putting pretty arbitrary sections into
> the binary). Moreover, this helps to ensure that the system won't boot
> without proper authorization, and even if someone steals it, it could
> refuse to give in (this would require encrypting the disk contents, of
> course - that's why I said about bootblocks...).

VMS will not mark an executable as executable unless the VMS linker is
the program that created the file.

In general, the VMS mechanism prevents programs without SYSPRIV from
generating programs that can be loaded as executable.  The mechanism
prevents the common case in BSD-land of LISP and other binaries that
extend the data space of executables with code.

Typically, this is a bad trade-off, favoring security over usability.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
