Posted Jul 26, 2005 1:12 UTC (Tue) by xoddam
In reply to: Signed binaries
Parent article: OLS: Linux and trusted computing
> Even worse consider that the only protected "code" in this situation are
> machine code binaries and libraries.
Shebang scripts (starting with a line like #!/usr/bin/perl) can have their signatures checked by the kernel's binfmt_script executable loader in exactly the same way as it's done for ELF binaries.
Checking signatures on scripts loaded in other ways (including modules) would need interpreter support. A large job, but not insurmountable.
to post comments)