Proposal for a design for signed kernel/modules/etc
Conrad Meyer
cem at freebsd.org
Mon May 22 00:00:12 UTC 2017
Hi Eric,
On Wed, Mar 29, 2017 at 7:22 PM, Eric McCorkle <eric at metricspace.net> wrote:
>...
> == Specifics ==
>
>...
>
> * A signed ELF will definitely contain a .sign section containing a
> single detached signature in PKCS#7 format with DER encoding.
I'm concerned about the complexity of parsing PKCS#7 (including ASN.1)
in places that need to validate signed objects. In particular, the
kernel (for runtime-loaded objects). Complex parsers are a common
source of security bugs, so PKCS#7 doesn't seem like a good fit for
security-critical code like the kernel syscall interface.
Could a more minimal format take the place of PKCS#7 in .sign sections?
Thanks,
Conrad
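To make the "more minimal format" suggestion concrete, here is an added example (not code from Conrad's message, from Eric's proposal, or from FreeBSD). It assumes a hypothetical fixed-layout .sign section: a 4-byte magic, a version byte, an algorithm byte, a little-endian 16-bit signature length, an 8-byte opaque key identifier, and then the raw signature bytes. Because every field is fixed-width and the one variable length is pinned to the algorithm, the whole parser is a short sequence of bounds checks with no recursion, no nested lengths and no allocation, which is the property the message is asking for in kernel-resident code.

```c
/*
 * Hypothetical minimal .sign layout (an assumption for this example,
 * not FreeBSD's actual format):
 *
 *   offset 0   4 bytes   magic     "KSIG"
 *   offset 4   1 byte    version   must be 1
 *   offset 5   1 byte    alg       1 = Ed25519 (64-byte raw signature)
 *   offset 6   2 bytes   sig_len   little-endian, must match alg
 *   offset 8   8 bytes   key_id    opaque identifier of the trusted key
 *   offset 16  sig_len   signature raw signature bytes, nothing after
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SIGN_MAGIC       "KSIG"
#define SIGN_VERSION     1
#define SIGN_ALG_ED25519 1
#define SIGN_HDR_LEN     16

struct sign_info {
	uint8_t        alg;
	uint8_t        key_id[8];
	const uint8_t *sig;      /* points into the caller's buffer, no copy */
	size_t         sig_len;
};

enum sign_err {
	SIGN_OK = 0,
	SIGN_ETRUNC,   /* shorter than the fixed header */
	SIGN_EMAGIC,   /* wrong magic */
	SIGN_EVERSION, /* unsupported version */
	SIGN_EALG,     /* unknown algorithm */
	SIGN_ESIGLEN,  /* sig_len does not match the algorithm */
	SIGN_ESIZE     /* section size != header + sig_len */
};

/* Raw signature length per supported algorithm; 0 means unknown. */
static size_t
sign_alg_len(uint8_t alg)
{
	switch (alg) {
	case SIGN_ALG_ED25519:
		return 64;
	default:
		return 0;
	}
}

/*
 * Parse a .sign section of `len` bytes at `buf`. Every read is preceded
 * by a length check, so a hostile section cannot make us read past
 * buf + len, and the exact-size check rejects trailing bytes as well as
 * truncation.
 */
int
sign_parse(const uint8_t *buf, size_t len, struct sign_info *out)
{
	if (buf == NULL || out == NULL || len < SIGN_HDR_LEN)
		return SIGN_ETRUNC;
	if (memcmp(buf, SIGN_MAGIC, 4) != 0)
		return SIGN_EMAGIC;
	if (buf[4] != SIGN_VERSION)
		return SIGN_EVERSION;

	uint8_t alg = buf[5];
	size_t want = sign_alg_len(alg);
	if (want == 0)
		return SIGN_EALG;

	size_t sig_len = (size_t)buf[6] | ((size_t)buf[7] << 8);
	if (sig_len != want)
		return SIGN_ESIGLEN;
	if (len - SIGN_HDR_LEN != sig_len)
		return SIGN_ESIZE;

	out->alg = alg;
	memcpy(out->key_id, buf + 8, 8);
	out->sig = buf + SIGN_HDR_LEN;
	out->sig_len = sig_len;
	return SIGN_OK;
}

/*
 * Serialize a section into dst. Used here only to construct test input;
 * the signature bytes are whatever the caller passes, not a real signature.
 */
size_t
sign_build(uint8_t *dst, size_t dst_len, uint8_t alg, const uint8_t *key_id,
    const uint8_t *sig, size_t sig_len)
{
	size_t total = SIGN_HDR_LEN + sig_len;

	if (sig_len > 0xffff || dst_len < total)
		return 0;
	memcpy(dst, SIGN_MAGIC, 4);
	dst[4] = SIGN_VERSION;
	dst[5] = alg;
	dst[6] = (uint8_t)(sig_len & 0xff);
	dst[7] = (uint8_t)(sig_len >> 8);
	memcpy(dst + 8, key_id, 8);
	memcpy(dst + SIGN_HDR_LEN, sig, sig_len);
	return total;
}
```

The parser only locates the signature and identifies the key; the caller still has to look the key_id up in a trust store and run the actual signature verification over the object's covered bytes. Contrast this with PKCS#7, where the verifier must first walk nested ASN.1 TLVs with attacker-controlled lengths before it can even find the signature value.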
More information about the freebsd-security mailing list