Digitally Signed Binaries w/ Kernel support, etc.

Ivan Voras ivoras at
Thu Apr 3 11:50:07 UTC 2008

Roland Smith wrote:
> On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote:
>> Does FreeBSD have support for digitally signed binary checking, similar to 
>> what Linux has with bsign and DigSig, where system binaries are signed and 
>> this signature is verified before being run in the kernel?
> If an attacker can modify binaries, he already has root privileges. In
> that case, what will stop him from creating a new pgp key and re-signing
> his doctored binaries?
>> This would be very useful to have to further tighten down the system.
> As an alternative, on FreeBSD you can set the system immutable flag on
> binaries (see chflags(1)), and set the securelevel > 0. See
> init(8). Once this is set, not even root can undo this. You have to
> reboot to reset the securelevel to -1.

Signing binaries could be naturally tied in with securelevel, where some
securelevel (1?) would mean the kernel no longer accepts new keys.

> The only weakness is that the securelevel is set quite late in the boot
> process. An attacker could compromise the system if he gets access
> before the securelevel is set.
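The securelevel-gated key enrollment sketched in this thread, as an added
example that is not code from the thread or from FreeBSD: a small model of a
kernel trust store that accepts signing keys only while securelevel is 0, then
verifies each binary against the enrolled keys before "executing" it. The
signature scheme is a stdlib-only Lamport one-time signature standing in for
whatever a real implementation would use (RSA, ECDSA, ...); the class and
function names, the securelevel policy and the ELF-like sample bytes are all
assumptions made for the illustration. The second scenario reproduces the
weakness Roland points out: an attacker who gets in before the securelevel is
raised can still enroll a key.

```python
import hashlib
import os


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signatures: a genuine public-key scheme that needs only a
# hash function, chosen so the example runs with the standard library alone.
# Each key may sign exactly one message; a real kernel would use RSA/ECDSA.
def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(_sha256(a), _sha256(b)) for a, b in sk]
    return sk, pk


def _digest_bits(data: bytes):
    d = _sha256(data)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, data: bytes):
    # Reveal, for every digest bit, the secret whose hash sits in the public key.
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(data))]


def lamport_verify(pk, data: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(_sha256(sig[i]) == pk[i][bit]
               for i, bit in enumerate(_digest_bits(data)))


class SignedExecPolicy:
    """Hypothetical kernel-side policy: keys enroll only at securelevel 0."""

    def __init__(self):
        self.securelevel = 0
        self.trusted_keys = []

    def add_key(self, pk):
        if self.securelevel > 0:
            raise PermissionError("securelevel > 0: key enrollment is locked")
        self.trusted_keys.append(pk)

    def raise_securelevel(self, level: int):
        # Mirrors init(8): a running system can only raise securelevel;
        # getting back to -1 requires a reboot.
        if level < self.securelevel:
            raise ValueError("securelevel cannot be lowered without a reboot")
        self.securelevel = level

    def may_exec(self, binary: bytes, sig) -> bool:
        return any(lamport_verify(pk, binary, sig) for pk in self.trusted_keys)


def _scenario(attacker_enrolls_before_lock: bool) -> dict:
    policy = SignedExecPolicy()
    admin_sk, admin_pk = lamport_keygen()
    policy.add_key(admin_pk)

    # Constructed stand-in for a system binary; not a real ELF file.
    good_binary = b"\x7fELF" + b"constructed stand-in for /bin/ls"
    good_sig = lamport_sign(admin_sk, good_binary)

    attacker_sk, attacker_pk = lamport_keygen()
    if attacker_enrolls_before_lock:
        policy.add_key(attacker_pk)          # root before securelevel is set

    policy.raise_securelevel(1)

    try:
        policy.add_key(attacker_pk)          # root after securelevel is set
        enrollment_blocked = False
    except PermissionError:
        enrollment_blocked = True

    doctored = good_binary + b"; backdoor"
    doctored_sig = lamport_sign(attacker_sk, doctored)
    return {
        "good_runs": policy.may_exec(good_binary, good_sig),
        "tampered_with_old_sig": policy.may_exec(doctored, good_sig),
        "enrollment_blocked": enrollment_blocked,
        "resigned_runs": policy.may_exec(doctored, doctored_sig),
    }


def demo_locked_before_attack() -> dict:
    return _scenario(attacker_enrolls_before_lock=False)


def demo_compromised_before_lock() -> dict:
    return _scenario(attacker_enrolls_before_lock=True)


if __name__ == "__main__":
    print("securelevel raised first:", demo_locked_before_attack())
    print("attacker in before lock:", demo_compromised_before_lock())
```

In the first scenario the doctored binary is rejected both with the original
signature and with the attacker's own, because the attacker's key never made it
into the trust store; in the second the re-signed binary runs, which is exactly
the boot-time window Roland describes.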

