| |||||||||||||
Signed Executables.Signed Executables.Posted Mar 2, 2007 2:57 UTC (Fri) by aashenfe (guest, #12212)Parent article: Hunting for Rootkits
I know it maybe it smells a little of DRM, but is anybody considering signed executables/modules.
I know RPM based distros are alread doing this type of thing as far as installing packages.
I think having the system refuse to run anything that might be suspect would be a very good way to increase security, and prevent rootkits in the first place, plus changed binaries would no longer match their signature, so rootkit versions of programs would spit out security violations instead of running.
As long as there is a secure way for adminstrator/user to resign an executable, or import/create new keys. Plus safeguard against executables detecting how they are signed (I'm not sure how this would be done) to avoid DRM like fuctionality.
There would also be levels of signature so an executable signed by a user could only be run by that user, but root would be able to sign for the systems of course the private key would have to be on the system for this to work. It would be the same for importing keys. Root could import for all, and users would import for themselves. Or a particular account other than root could be configured to skip signature tests for developers.
Also if a system needed extra security, all signing/importing could be disabled in such a way it can not be reconfigured without booting single user.
So is this even a good option? Is there to much overhead with all this signature checking? Is it imposible to stop this from being used for DRM. How would this work for non-binary languese (shell, perl, etc)
(Log in to post comments)
Signed Executables. Posted Mar 2, 2007 6:57 UTC (Fri) by tetromino (subscriber, #33846) [Link] You have basically described a selinux system with a gpg-aware package manager.
Signed Executables. Posted Mar 2, 2007 15:34 UTC (Fri) by aashenfe (guest, #12212) [Link] Very true. SELinux can and probably does provide this and way much more.
I think "way much more" might be the problem.
When I'm looking around for different howto's for certain setups, a number of time it says they disabled SELinux to get the system to work correctly. I try to leave SELinux enabled if I can, but sometimes I still give up and disable it. I'm sure there is a way to configure SELinux correctly, and maybe I'm irresponsible for not figuring it out.
I like the Idea of signed executables because it targets one security question. "Do I let this executable run?" SElinux or AppArmor can then answer the harder to setup question "What do I let this executable do? "
Signed Executables. Posted Mar 2, 2007 10:45 UTC (Fri) by drag (subscriber, #31333) [Link] Remember that you can't trust a root comprimised system to be honest about the checksums and signitures.
A kernel-level rootkit (all non-trivial modern ones are) can make any file it modifies come back with any value or checksum it wants by interecepting system calls and such things from kernel-land.
This is a major problem for Windows since the systems are trivially compromised there is no reliable way a Virus scanner or Anti-adware applicaiton to successfully clean a system.
Signed Executables. Posted Mar 2, 2007 15:09 UTC (Fri) by aashenfe (guest, #12212) [Link] >Remember that you can't trust a root comprimised system to be honest about the checksums and signitures.True, but I was hoping signed executables, and modules would help prevent a kernel level compromise in the first place. At least for the older rootkits that are unaware of the new security.
|
|||||||||||||