RE: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries

Hi Arjan,

I hope I correctly understood your question, DigSig uses LSM hooks to
check the digital signature before loading it, then as long as your elf
loader uses kernel system calls, it's covered by DigSig.

Regards
Makan


-----Original Message-----
From: linux-security-module-owner@xxxxxxxxxxxxxxx
[mailto:linux-security-module-owner@xxxxxxxxxxxxxxx] On
Behalf Of Arjan van de Ven
Sent: April 23, 2006 8:19 AM
To: Makan Pourzandi (QB/EMC)
Cc: linux-kernel@xxxxxxxxxxxxxxx;
linux-security-module@xxxxxxxxxxxxxxx; Serue Hallyen; Axelle
Apvrille; 'disec-devel@xxxxxxxxxxxxxxxxxxxxx'
Subject: Re: [ANNOUNCE] Release Digsig 1.5: kernel module for
run-timeauthentication of binaries

On Fri, 2006-04-21 at 09:56 +0000, Makan Pourzandi wrote:
Hi,

Digsig development team would like to announce the release
1.5 of digsig.

This kernel module helps system administrators control
Executable and
Linkable Format (ELF) binary execution and library loading based on
the presence of a valid digital signature. The main
functionality is
to help system administrators distinguish applications
he/she trusts
(and therefore signs) from viruses, worms (and other
nuisances). It is
based on the Linux Security Module hooks.

does this also prevent people writing their own elf loader in
a bit of perl and just mmap the code ?


-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in the body of a message to
majordomo@xxxxxxxxxxxxxxx More majordomo info at
http://vger.kernel.org/majordomo-info.html

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Quantcast