Digitally Signed Binaries w/ Kernel support, etc.

Ivan Voras ivoras at freebsd.org
Thu Apr 3 11:50:07 UTC 2008


Roland Smith wrote:
> On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote:
>> Does FreeBSD have support for digitally signed binary checking, similar to 
>> what Linux has with bsign and DigSig, where system binaries are signed and 
>> this signature is verified before being run in the kernel?
> 
> If an attacker can modify binaries, he already has root privileges. In
> that case, what will stop him from creating a new pgp key and re-sign
> his doctored binaries?
> 
>> This would be very useful to have to further tighten down the system.
> 
> As an alternative, on FreeBSD you can set the system immutable flag on
> binaries (see chflags(1)), and set the securelevel > 0. See
> init(8). Once this is set, not even root can undo this. You have to
> reboot to reset the securelevel to -1.

Signing binaries could be naturally tied in with securelevel, where some
securelevel (1?) would mean kernel no longer accepts new keys.

> The only weakness is that the securelevel is set quite late in the boot
> process. An attacker could compromise the system if he gets access
> before the securelevel is set.

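Added example, not code from the thread, from FreeBSD, or from any of the posters: a toy model of the design Ivan sketches above, with the kernel-side key store sealed once securelevel reaches 1. It walks through Roland's objection (root re-signs doctored binaries with a fresh key) and the boot-window weakness he points out (an attacker who gets in before securelevel is raised can still enroll a key). The "RSA" uses two fixed, constructed small primes and no padding, so it shows the trust logic only and is not secure; the class and function names, the key ids and the binary contents are all hypothetical. The securelevel rule it enforces (raise only, never lower without reboot) follows init(8).

```python
"""Toy model of kernel-side binary signature checks gated by securelevel.

Added illustration, not FreeBSD code. The RSA below uses fixed small primes
and no padding: it demonstrates the key-store logic, not real cryptography.
"""
import hashlib

E = 65537  # public exponent for the toy keys (constructed for illustration)


def make_keypair(p, q):
    """Return ((n, e), (n, d)) for two primes. Toy sizes: NOT secure."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # Python 3.8+ modular inverse
    return (n, E), (n, d)


def digest_int(data):
    """SHA-256 of the binary, truncated so the integer is below any toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest()[:7], "big")


def sign(priv, data):
    """Textbook RSA signature over the truncated digest (toy, unpadded)."""
    n, d = priv
    return pow(digest_int(data), d, n)


class KernelVerifier:
    """Stand-in for the kernel: a public-key store whose writes depend on securelevel."""

    def __init__(self):
        self.trusted = {}      # key id -> (n, e)
        self.securelevel = -1  # FreeBSD boots at -1 (init(8))

    def enroll_key(self, key_id, pub):
        # Ivan's suggestion: at securelevel >= 1 the kernel accepts no new keys.
        if self.securelevel >= 1:
            raise PermissionError("securelevel >= 1: key store is sealed")
        self.trusted[key_id] = pub

    def set_securelevel(self, level):
        # Mirrors init(8): root may raise securelevel, never lower it.
        if level < self.securelevel:
            raise PermissionError("securelevel cannot be lowered without reboot")
        self.securelevel = level

    def exec_allowed(self, binary, key_id, sig):
        """What an exec hook would decide: signature valid under a trusted key?"""
        pub = self.trusted.get(key_id)
        if pub is None:
            return False
        n, e = pub
        return pow(sig, e, n) == digest_int(binary)


def try_enroll(kernel, key_id, pub):
    """Attempt enrollment; report whether the kernel accepted the key."""
    try:
        kernel.enroll_key(key_id, pub)
        return True
    except PermissionError:
        return False


def scenario():
    """Walk through the thread's argument and return the outcome of each step."""
    admin_pub, admin_priv = make_keypair(1000000007, 998244353)
    attacker_pub, attacker_priv = make_keypair(2147483647, 4294967291)
    # Constructed stand-ins for a system binary and a doctored copy of it.
    ls_bin = b"\x7fELF original /bin/ls contents"
    ls_trojan = b"\x7fELF doctored /bin/ls contents"

    kernel = KernelVerifier()
    kernel.enroll_key("admin", admin_pub)   # done at install time
    ls_sig = sign(admin_priv, ls_bin)
    kernel.set_securelevel(1)               # rc raises this late in boot

    out = {}
    out["clean_binary_runs"] = kernel.exec_allowed(ls_bin, "admin", ls_sig)
    out["doctored_binary_old_sig"] = kernel.exec_allowed(ls_trojan, "admin", ls_sig)
    # Roland's objection: root re-signs the doctored binary with a fresh key.
    trojan_sig = sign(attacker_priv, ls_trojan)
    out["attacker_key_enrolled"] = try_enroll(kernel, "attacker", attacker_pub)
    out["doctored_binary_new_key"] = kernel.exec_allowed(ls_trojan, "attacker", trojan_sig)
    # The remaining window: an attacker active before securelevel is raised.
    early = KernelVerifier()
    early.enroll_key("admin", admin_pub)
    out["attacker_key_enrolled_before_securelevel"] = try_enroll(early, "attacker", attacker_pub)
    out["doctored_binary_runs_early"] = early.exec_allowed(ls_trojan, "attacker", trojan_sig)
    # And the securelevel property both posters rely on: no lowering without reboot.
    try:
        kernel.set_securelevel(-1)
        out["securelevel_lowered"] = True
    except PermissionError:
        out["securelevel_lowered"] = False
    return out


if __name__ == "__main__":
    for step, result in scenario().items():
        print(f"{step}: {result}")
```

The model makes the trade-off in the thread concrete: sealing the key store at securelevel 1 defeats re-signing with a new key, while the doctored copy still runs if the attacker enrolls before rc raises securelevel, which is exactly the gap Roland describes.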