Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries

On 24 Apr 2006, Arjan van de Ven announced authoritatively:
On Mon, 2006-04-24 at 12:27 -0400, Makan Pourzandi (QB/EMC) wrote:
Hi Arjan,

I hope I correctly understood your question, DigSig uses LSM hooks to
check the digital signature before loading it, then as long as your elf
loader uses kernel system calls, it's covered by DigSig.

ok I have to admit that this answer worries me.

how can it be covered? How do you distinguish an elf loader application
(which just uses open + mmap after all) with... say a grep-calling perl
script?

It checks mmap and mprotect with PROT_EXEC, and execve().

As long as you allow apps to mmap (or even just read() a file into
memory).... they can start acting like an elf loader if they chose to do
so. And.. remember it's not the files WITH signature you're protecting
against (which you could check) but the ones WITHOUT. And there are many
of those; and you can't sign ALL files I think, not without going
through really great hoops anyway.

Why not? It's one command with bsign:

bsign -s -I -i / -e /proc

will sign every ELF shared object and executable on the system.

--
`On a scale of 1-10, X's "brokenness rating" is 1.1, but that's only
because bringing Windows into the picture rescaled "brokenness" by
a factor of 10.' --- Peter da Silva
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Relevant Pages