Date: Wed, 30 Aug 2006 21:01:39 +0200 From: Max Laier <max@love2party.net> To: trustedbsd-discuss@freebsd.org Subject: Re: Kernel module to deny execution of unsigned binaries? Message-ID: <200608302101.46323.max@love2party.net> In-Reply-To: <e782d7390608301128s53c02cedhb73f12a590d2798d@mail.gmail.com> References: <e782d7390608301128s53c02cedhb73f12a590d2798d@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Wednesday 30 August 2006 20:28, 473219@googlemail.com wrote: > Is it possible in TrustedBSD to prevent the execution of binaries > whose path names + checksums are not listed in an "Approved" list? There is some code from Christian (CCed) here: http://perforce.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/trustedbsd/mac/sys/security/mac%5fchkexec&HIDEDEL=NO AFAIR, it uses extended attributes to store a hash of the executeable that is checked upon execution. Certainly Christian has more details and a status. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQBE9eCaXyyEoT62BG0RAj/XAJ9HKW8wFzYUf0u1wnGqLbfPvxHalgCffK79 8bvWWmhN5KYLJ9+xnKQ3Cj0= =8QjV -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200608302101.46323.max>