Kernel module to deny execution of unsigned binaries?
473219 at googlemail.com
Wed Sep 6 18:27:01 PDT 2006
On 31/08/06, Christian S.J. Peron <csjp at freebsd.org> wrote:
> Here are the highlights worth noting for mac_chkexec:
>
> mac_chkexec prevents the execution of (1) binaries, (2) shared objects
> and (3) kernel modules which have been modified (back doored with
> trojans et al). Each binary has a cryptographic checksum associated with
> it, stored as an extended attribute to the file itself.
>
> How it works is when the binary is executed, or when a shared object is
> mmap()'ed into the address space of the process, the kernel calculates
> the checksum of the data, and compares it against the checksum
> referenced by the inode; if the checksums don't match, the policy
> rejects access.
Christian,
Thanks for the info. It sounds quite powerful.
Does this system allow the checksum to be a digital signature instead? A
potential customer has asked that no file be executed unless signed with
their master key, to prove that the executable was issued by their central
office.
The kernel would check that the executable file had a digital signature
signed by the central office - so even if you gained full write access to
the directory, you would be unable to execute your malicious program unless
you had compromised the signer's private key.
Thanks again!
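As an added illustration, not code from this thread or from mac_chkexec itself, the following Go models the two checks under discussion: the stored-checksum comparison Christian describes and the signature-based variant the reply asks about. The attribute names, the choice of SHA-256 and Ed25519, and the sample bytes are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ExtAttrs stands in for the inode's extended attributes; the attribute names are this example's own.
type ExtAttrs map[string][]byte
var ErrDenied = errors.New("exec denied: checksum or signature mismatch")
// LabelChecksum is the provisioning step: store a SHA-256 of the file data on the inode.
func LabelChecksum(data []byte) ExtAttrs {
	sum := sha256.Sum256(data)
	return ExtAttrs{"chkexec.sha256": sum[:]}
}
// CheckExecChecksum models the exec/mmap hook from the thread: recompute the checksum and compare.
func CheckExecChecksum(data []byte, attrs ExtAttrs) error {
	stored, ok := attrs["chkexec.sha256"]
	sum := sha256.Sum256(data)
	if !ok || !bytes.Equal(sum[:], stored) {
		return ErrDenied
	}
	return nil
}
// LabelSignature is the variant the reply asks about: the central office signs the file data.
func LabelSignature(data []byte, priv ed25519.PrivateKey) ExtAttrs {
	return ExtAttrs{"chkexec.sig": ed25519.Sign(priv, data)}
}
// CheckExecSignature holds only the office's public key, so write access alone cannot yield an accepted attribute.
func CheckExecSignature(data []byte, attrs ExtAttrs, pub ed25519.PublicKey) error {
	sig, ok := attrs["chkexec.sig"]
	if !ok || len(sig) != ed25519.SignatureSize || !ed25519.Verify(pub, data, sig) {
		return ErrDenied
	}
	return nil
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	bin := []byte("\x7fELF constructed stand-in for a binary") // constructed sample
	sum, sig := LabelChecksum(bin), LabelSignature(bin, priv)
	fmt.Println(CheckExecChecksum(bin, sum), CheckExecSignature(bin, sig, pub)) // <nil> <nil>
	bin[0] ^= 1 // any change after labelling is denied by both checks
	fmt.Println(CheckExecChecksum(bin, sum), CheckExecSignature(bin, sig, pub))
}
```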