Hello! I've stumbled over elfsign (on http://www.hick.org/code.html) a while ago, which is a tool that allows cryptographic in-file signing of the executable and other parts of ELF binaries. I've been pondering about this for a while, and keep on thinking that this would be a great idea for distributions like Debian etc. ...
I'd love to have some discussion about this approaches here, before taking it to individual developers or to the policy team .. What do you think? Signed binaries instead of tools like tripwire or aide et all? There is a tool (elfcmp) which allows to compare on-disk and in-memory ELF files, too ... Kind regards, Count -- Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine! Follow the path of the unsafe, independent thinker. Expose your ideas to the danger of controversy. Speak your mind and fear less the label of "crackpot" than the stigma of conformity. (Thomas J. Watson) ### OpenPGP key 0x8F94C228
