Sorry for replying to an old mail here, but there's an important point that was unanswered so far ...

Torfinn Ingolfsen wrote:
> David Schwartz wrote:
>
> > He would face a chicken and egg problem. To make a signed executable
> > to set his key to be accepted, he would need his key to already be
> > accepted.
>
> Uhm, if the attacker managed to get a hole in the system and get
> in, he / she will surely manage to get the necessary tools (a signed
> binary) onto the system. As an added bonus, this is a binary he
> created himself, so it works with his key.

That wouldn't work. How is he going to sign a binary if he
doesn't have the private key?

When you set up a system with signed binaries, you usually
store the private key somewhere else (on a floppy, USB stick
or whatever). Maybe it could even be just a passphrase that
only exists in the admin's mind, but not on any physical
media. So an attacker _cannot_ create a binary with a valid
signature.

Of course, the kernel doesn't contain the private key either,
because you only need the public key to verify the signature.

I agree with Peter Wemm: There are legitimate uses for
signed binaries.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registergericht Muenchen, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registergericht
München, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"Life is short (You need Python)"
        -- Bruce Eckel, ANSI C++ Committee member, author of
           "Thinking in C++" and "Thinking in Java"
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
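
The point argued in the message above (the verifying side holds only the public key, so a binary signed with any other key is refused), as an added example that is not part of the original mail. It uses textbook RSA without padding and small constructed keys purely for illustration; every name in it (`exec_allowed`, `TRUSTED_KEY`, the sample byte strings) is an assumption.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA key from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, never needed to verify
    return (n, E), (n, d)

def digest(data, n):
    """SHA-256 of the binary, reduced mod n (toy scheme: no padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(digest(data, n), d, n)

def verify(public, data, signature):
    n, e = public
    return 0 <= signature < n and pow(signature, e, n) == digest(data, n)

# Constructed keys built from known Mersenne primes; far too small for real use.
ADMIN_PUB, ADMIN_PRIV = make_keypair(2**127 - 1, 2**89 - 1)   # private half stays off the host
ATTACKER_PUB, ATTACKER_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

TRUSTED_KEY = ADMIN_PUB  # the only key material the verifying side holds

def exec_allowed(binary, signature):
    """Hypothetical exec-time check: run only binaries signed by the trusted key."""
    return verify(TRUSTED_KEY, binary, signature)

def demo():
    good = b"\x7fELF constructed sample: admin-built tool"
    evil = b"\x7fELF constructed sample: attacker-built tool"
    good_sig = sign(ADMIN_PRIV, good)
    return {
        "admin_signed": exec_allowed(good, good_sig),
        "tampered": exec_allowed(good + b"\x90", good_sig),
        "signature_reused": exec_allowed(evil, good_sig),
        "attacker_signed": exec_allowed(evil, sign(ATTACKER_PRIV, evil)),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:17} -> {'exec' if ok else 'refused'}")
```

The attacker's signature is perfectly valid under the attacker's own public key; it fails only because that key is not the one the verifier trusts, which is the chicken-and-egg problem described in the thread.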