Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries

From: Arjan van de Ven <arjan@xxxxxxxxxxxxx>
Date: Fri, 28 Apr 2006 19:53:51 +0200

On Fri, 2006-04-28 at 11:29 -0500, Serge E. Hallyn wrote:

Quoting Arjan van de Ven (arjan@xxxxxxxxxxxxx):

A one time effort to write it *and sign it*.

you don't sign nor need to sign perl or bash scripts. Why would a loader
be written in ELF itself? There's absolutely no reason for that.

Yup, that's an unfortunate shortcoming. We'd been wanting to re-post to
lkml for a long time to get ideas to fix that.

I had an extension to digsig earlier which enabled signing shellscripts
using xattrs (just because it was a trivial task), but that's clearly
insufficient as it would catch "./myscript.pl" but not "perl
myscript.pl".

there is a worse one:

perl < somefile

or

wget -O - <url> | perl

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

References:
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
  - From: Nix
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
  - From: Axelle Apvrille
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
  - From: Ulrich Drepper
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
  - From: Serge E. Hallyn
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
  - From: Arjan van de Ven
- Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
  - From: Serge E. Hallyn

Prev by Date: Re: [PATCH] s390: Hypervisor File System
Next by Date: Re: initcall warnings in 2.6.17
Previous by thread: Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
Next by thread: Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
Index(es):
- Date
- Thread

Relevant Pages

Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
... you don't sign nor need to sign perl or bash scripts. ... Why would a loader ... be written in ELF itself? ... There's absolutely no reason for that. ...
(Linux-Kernel)
Re: Reading HTTP response body that is gzipd *and* in UTF-8
... The reason I'm not using PerlIO::gzip is mostly just ignorance. ... BM> anything that's visible at the Perl level. ... BM> meaningless to apply gzip to a stream of characters. ... BM> Encode the value of the charset MIME parameter). ...
(comp.lang.perl.misc)
Re: Snowy ASCII roguelike demo video
... beginning stages of writing a Perl RL, but I want to use PNG tiles, ... both SDL and OpenGL in Perl, but had tons of issues -- I couldn't get ... but for whatever reason I ... What kind of roguelike are you writing? ...
(rec.games.roguelike.development)
Re: Beautiful Python
... and I've stumbled across something that's sort of annoying and wanted to find out of there was a good reason behind it. ... In a Perl program when you're calling other modules you'll add "use" statements at the ... Is there a sound reason for putting the imports ... there are are developers just loading modules in as they need them. ...
(comp.lang.python)
Beautiful Python
... and I've stumbled across something that's sort of annoying and wanted ... to find out of there was a good reason behind it. ... In a Perl program ... there are are developers just loading modules in as they need them. ...
(comp.lang.python)