Linux Secure Autorun.sh.pgp?
Posted Jul 2, 2005 2:47 UTC (Sat) by AnswerGuy
Parent article: Attack of the killer iPods
I find myself pondering the notion of a Linux hotplug script that could do something like run a GPG signature check on a detached autorun.sh (or autorun-linux.sh) signature against a specific key ring; and then run said script if (and only if) that signature was valid.
So I have /etc/autorun-linux/keyring.gpg and plugging in a USB drive (or other removable media) invokes hotplug (or some autofs behavior) which runs my script; which checks for an executable of the right name *and a detached signature* and, if the signature check is good, runs it (as root or, optionally, as some other user --- subject to some settings --- perhaps in an /etc/autorun-linux/conf file).
Seems like it gives one all the convenience of autorun files (I could even have a conf setting that allows me to run unsigned autorun files as a specific 'nobody' user; perhaps even allowing that to pop up an xnest window which, in turn, can run any GUI stuff it wants in its (nested) X server while limiting the access of the xnest client to the user's own X server). (That last might require some specially limited Xnest --- perhaps some sort of Xnest-secure or Xnest-untrusted program).
At the same time it seems reasonably secure.
I must be missing something; it seems too easy.
The simple case seems like it could be implemented as a simple shell script.
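A sketch of the simple signed case described in the comment above, added here as an illustration and not part of the original post. It copies the script and its detached signature off the media before checking them, so the device cannot return different bytes between the check and the run. The `.sig` file name, the return codes, and passing the mount point as the script's first argument are assumptions; `gpgv` is GnuPG's verify-only tool, which trusts exactly the keys in the keyring it is given.

```shell
#!/bin/sh
# Added example: verify-then-run for removable media (signed case only).
# The keyring path is the one named in the comment; file names are assumed.
KEYRING=/etc/autorun-linux/keyring.gpg

# Succeeds only if $1 is a valid detached signature over $2 made by a key
# present in $KEYRING. Any other outcome (bad sig, unknown key) is non-zero.
verify_sig() {
    gpgv --keyring "$KEYRING" "$1" "$2" >/dev/null 2>&1
}

# autorun_verified MOUNTPOINT
# Returns: 0 verified script ran cleanly, 1 no autorun script on the media,
#          2 signature missing or invalid (nothing run), 3 script exited non-zero.
autorun_verified() {
    mnt=$1
    script=$mnt/autorun-linux.sh
    sig=$script.sig
    [ -f "$script" ] || return 1
    [ -f "$sig" ] || return 2

    # Work on private local copies (mktemp -d creates a mode-0700 directory):
    # what gets verified must be byte-for-byte what gets executed.
    work=$(mktemp -d) || return 2
    cp "$script" "$work/autorun.sh" && cp "$sig" "$work/autorun.sh.sig" || {
        rm -rf "$work"
        return 2
    }

    status=2
    if verify_sig "$work/autorun.sh.sig" "$work/autorun.sh"; then
        status=0
        # Run the verified copy via sh, so the media itself can stay
        # mounted noexec. The mount point is passed as $1 (assumption).
        sh "$work/autorun.sh" "$mnt" || status=3
    else
        echo "autorun: no valid signature for $script, not running" >&2
    fi
    rm -rf "$work"
    return "$status"
}

# A hotplug or automount hook would call: autorun_verified /path/to/mountpoint
```

A valid signature only shows that a holder of one of the keyring's keys signed the script at some point; it does not tie the script to a particular device or stop an old signed script from being replayed on other media.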