Digitally Signed Binaries w/ Kernel support, etc.
olli at lurza.secnetix.de
Wed May 21 17:37:33 UTC 2008
Sorry for replying to an old mail here, but there's an
important point that was unanswered so far ...
Torfinn Ingolfsen wrote:
> David Schwartz wrote:
> > He would face a chicken and egg problem. To make a signed executable
> > to set his key to be accepted, he would need his key to already be
> > accepted.
> Uhm, if the attacker managed to get a hole in the system and get
> in, he / she will surely manage to get the necessary tools (a signed
> binary) onto the system. As an added bonus, this is a binary he
> created himself, so it works with his key.
That wouldn't work. How is he going to sign a binary if
he doesn't have the private key?
When you set up a system with signed binaries, you usually
store the private key somewhere else (on a floppy, USB
stick or whatever). Maybe it could even be just a pass-
phrase that only exists in the admin's mind, but not on
any physical media. So an attacker _cannot_ create a
binary with a valid signature. Of course, the kernel
doesn't contain the private key either, because you only
need the public key to verify the signature.
I agree with Peter Wemm: There are legitimate uses for
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
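The argument above (only the public key lives on the host, so a signature made with any other private key, or over a modified image, does not verify) can be shown end to end with a small model. The following is an added example, not code from the thread or from any FreeBSD signed-binary implementation; it assumes Ed25519 signatures over a SHA-256 digest of the image, a `TrustStore` type standing in for the kernel's list of accepted public keys, and constructed byte strings in place of real executables.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TrustStore models the set of public keys the kernel is willing to accept.
// It deliberately holds no private material: verification needs only public
// keys, which is the point made in the message above.
type TrustStore struct {
	keys []ed25519.PublicKey
}

// NewTrustStore returns a store pre-loaded with the given public keys.
func NewTrustStore(keys ...ed25519.PublicKey) *TrustStore {
	return &TrustStore{keys: keys}
}

// digest hashes the whole executable image; the signature covers this digest.
func digest(image []byte) []byte {
	d := sha256.Sum256(image)
	return d[:]
}

// SignBinary is the offline step: it runs wherever the private key lives
// (removable media, an admin workstation), never on the protected host.
func SignBinary(priv ed25519.PrivateKey, image []byte) []byte {
	return ed25519.Sign(priv, digest(image))
}

// CheckExec is the kernel-side decision on exec(): the image is allowed only
// if its signature verifies under one of the trusted public keys.
func (ts *TrustStore) CheckExec(image, sig []byte) error {
	for _, pub := range ts.keys {
		if ed25519.Verify(pub, digest(image), sig) {
			return nil
		}
	}
	return errors.New("exec denied: no trusted key verifies this signature")
}

// Scenario walks through the three cases argued in the thread and reports
// whether each exec attempt was allowed. Keys are generated fresh, so the
// "attacker" key is simply one the trust store has never seen.
func Scenario() (adminOK, attackerOK, tamperedOK bool, err error) {
	adminPub, adminPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	// Only the admin's public key is installed in the kernel's trust store.
	store := NewTrustStore(adminPub)

	// Constructed stand-ins for executable images (hypothetical content).
	legit := []byte("#!/bin/sh\necho legitimate tool\n")
	foreign := []byte("#!/bin/sh\necho self-built tool\n")

	// 1. Admin signs a binary offline; the kernel accepts it.
	adminOK = store.CheckExec(legit, SignBinary(adminPriv, legit)) == nil

	// 2. A binary signed with a key the intruder generated: the signature is
	//    valid for *that* key, but that key is not in the store, so exec fails.
	attackerOK = store.CheckExec(foreign, SignBinary(attackerPriv, foreign)) == nil

	// 3. A legitimately signed binary that was modified afterwards: the digest
	//    no longer matches, so the admin's signature fails to verify.
	tampered := append([]byte{}, legit...)
	tampered = append(tampered, []byte("echo patched\n")...)
	tamperedOK = store.CheckExec(tampered, SignBinary(adminPriv, legit)) == nil
	return
}

func main() {
	adminOK, attackerOK, tamperedOK, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("admin-signed binary allowed:    %v\n", adminOK)
	fmt.Printf("attacker-signed binary allowed: %v\n", attackerOK)
	fmt.Printf("tampered signed binary allowed: %v\n", tamperedOK)
}
```

Running it prints `true`, `false`, `false` for the three cases. The design mirrors the message: `SignBinary` is the only function that ever touches a private key, and nothing in `TrustStore` or `CheckExec` could produce a signature, so an intruder on the host gains no signing capability by reading kernel memory or the key list. Adding a key to the store is itself an administrative change that the same mechanism should protect, which is the chicken-and-egg point David Schwartz raised.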