Sorry for replying to an old mail here, but there's an
important point that was unanswered so far ...
Torfinn Ingolfsen wrote:
> David Schwartz wrote:
>
> > He would face a chicken and egg problem. To make a signed executable
> > to set his key to be accepted, he would need his key to already
On Thu, Apr 10, 2008 at 04:39:56PM +0200, Kris Kennaway wrote:
[..]
>
> csjp@ had a mac_chkexec module that looks like it was never committed.
>
> http://groups.google.com/group/mailing.freebsd.hackers/msg/074eec7def84c52b
>
> Shouldn't be hard to update it.
>
Just a few notes:
- This isn't r
Peter Wemm wrote:
On Fri, Apr 4, 2008 at 9:55 AM, Roland Smith <[EMAIL PROTECTED]> wrote:
On Fri, Apr 04, 2008 at 10:58:40AM +0200, Ivan Voras wrote:
> >> Signing binaries could be naturally tied in with securelevel, where some
> >> securelevel (1?) would mean kernel no longer accepts new keys
On Fri, Apr 4, 2008 at 9:55 AM, Roland Smith <[EMAIL PROTECTED]> wrote:
> On Fri, Apr 04, 2008 at 10:58:40AM +0200, Ivan Voras wrote:
> > >> Signing binaries could be naturally tied in with securelevel, where some
> > >> securelevel (1?) would mean kernel no longer accepts new keys.
> > >
> > >
On Fri, Apr 04, 2008 at 10:58:40AM +0200, Ivan Voras wrote:
> >> Signing binaries could be naturally tied in with securelevel, where some
> >> securelevel (1?) would mean kernel no longer accepts new keys.
> >
> > If you set the system immutable flag on the binaries, you cannot modify
> > them at
Roland Smith wrote:
> On Thu, Apr 03, 2008 at 01:46:39PM +0200, Ivan Voras wrote:
>> Roland Smith wrote:
>>> On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote:
Does FreeBSD have support for digitally signed binary checking, similar to
what Linux has with bsign and DigSig, w
On Thu, Apr 03, 2008 at 01:46:39PM +0200, Ivan Voras wrote:
> Roland Smith wrote:
> > On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote:
> >> Does FreeBSD have support for digitally signed binary checking, similar to
> >> what Linux has with bsign and DigSig, where system binaries ar
On Thu, 03 Apr 2008 04:12:27 -0700
David Schwartz <[EMAIL PROTECTED]> wrote:
> He would face a chicken and egg problem. To make a signed executable
> to set his key to be accepted, he would need his key to already be
> accepted.
Uhm, if the attacker managed to get a hole in the system and get
in,
On Wednesday 02 April 2008 21:09:59 Forrest Aldrich wrote:
> Does FreeBSD have support for digitally signed binary checking, similar
> to what Linux has with bsign and DigSig, where system binaries are
> signed and this signature is verified before being run in the kernel?
There is mac_chkexec[1],
Roland Smith wrote:
> On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote:
>> Does FreeBSD have support for digitally signed binary checking, similar to
>> what Linux has with bsign and DigSig, where system binaries are signed and
>> this signature is verified before being run in the
> On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote:
> > Does FreeBSD have support for digitally signed binary checking,
> > similar to
> > what Linux has with bsign and DigSig, where system binaries are
> > signed and
> > this signature is verified before being run in the kernel?
On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote:
> Does FreeBSD have support for digitally signed binary checking, similar to
> what Linux has with bsign and DigSig, where system binaries are signed and
> this signature is verified before being run in the kernel?
If an attacker c