Date: Sun, 31 May 1998 09:34:54 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: abial@nask.pl (Andrzej Bialecki) Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Signed executables, safe delete etc. Message-ID: <199805310934.CAA19826@usr04.primenet.com> In-Reply-To: <Pine.NEB.3.95.980530015011.17272D-100000@korin.warman.org.pl> from "Andrzej Bialecki" at May 30, 98 02:15:42 am
next in thread | previous in thread | raw e-mail | index | archive | help
> You can wonder what all this is for: it helps to ensure that no element of > the system has been changed without you knowing it. It could be performed > during startup of the system, and/or just before executing each binary (as > far as I understand it, ELF allows to put pretty arbitrary sections into > the binary). Moreover, this helps to ensure that the system won't boot > without proper authorization, and even if someone steals it, it could > refuse to give in (this would require encrypting the disk contents, of > course - that's why I said about bootblocks...). VMS will not mark an executable as executable unless the VMS linker is the program that created the file. In general, the VMS mechanism prevents programs without SYSPRIV from generating programs that can be loaded as executable. The mechanism prevents the common case in BSD-land of LISP and other binaries that extend the data space of executables with code. Typically, this is a bad trade-off, favoring security over usability. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805310934.CAA19826>