From: Johannes Schlumberger <email@example.com>
Subject: [PATCH] signed binaries support [0/4]
Date: Thu, 21 Jun 2007 17:55:16 +0200
We (two students of CS) built a system for signing binaries and verifying them
before executing. Our main focus was to implement a way to inhibit execution
of suid-binaries, which are not trustworthy (i.e. not signed). Of course this
can also be used to grant other access rights, capabilities, etc.
The signature (e.g. HMAC-SHA1 with a shared secret) is stored in extended
filesystem attributes (userland-signing-tool provided). Depending on the
outcome of our check (performed during exec) a newly introduced flag in
the task_struct is set. To be able to also check libraries, we introduced a
similar flag in the vm_area struct. Depending on the state of the flag, the
suid/sgid bit on the file is honored or ignored. If a process behaves badly
(e.g. mapping executable memory writable or loading an untrusted library) it
is handled appropriately (killed in our current implementation).
In the current state our code is of course very experimental and should be
handled with care.
We mainly seek comments, suggestions and wisdom before we tackle the more
difficult tasks, like proper signatures (public-key-systems, etc.).
Johannes Schlumberger Department of Computer Science IV
Martensstrasse 1 D-91058 Erlangen Germany University of Erlangen-Nuremberg
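
The sign-then-check-at-exec flow described in the message, modeled in userland as an added example (not code from the patch series). The attribute name `user.binsig.hmac-sha1`, the function names, and the sample key and image bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import stat

XATTR = "user.binsig.hmac-sha1"  # hypothetical attribute name, not from the patch

def sign(image: bytes, key: bytes) -> bytes:
    """HMAC-SHA1 over the whole file image with the shared secret."""
    return hmac.new(key, image, hashlib.sha1).digest()

def is_trusted(image: bytes, stored, key: bytes) -> bool:
    """A missing or malformed signature counts as untrusted, never as an error."""
    if stored is None or len(stored) != hashlib.sha1().digest_size:
        return False
    # Constant-time comparison so the check does not leak matching prefix length.
    return hmac.compare_digest(sign(image, key), stored)

def effective_mode(mode: int, trusted: bool) -> int:
    """Honor suid/sgid only for a trusted image; otherwise ignore the bits."""
    return mode if trusted else mode & ~(stat.S_ISUID | stat.S_ISGID)

def sign_file(path: str, key: bytes) -> None:
    """What a userland signing tool would do: store the MAC in an xattr."""
    with open(path, "rb") as f:
        os.setxattr(path, XATTR, sign(f.read(), key))

def check_file(path: str, key: bytes) -> int:
    """Exec-time model: return the mode bits that would actually be honored."""
    with open(path, "rb") as f:
        image = f.read()
    try:
        stored = os.getxattr(path, XATTR)
    except OSError:  # attribute absent or filesystem without xattr support
        stored = None
    return effective_mode(os.stat(path).st_mode, is_trusted(image, stored, key))

if __name__ == "__main__":
    key = b"constructed-shared-secret"        # constructed sample key
    image = b"\x7fELF constructed sample image"  # constructed sample bytes
    sig = sign(image, key)
    suid_mode = stat.S_IFREG | 0o4755
    for label, data, stored in [("signed", image, sig),
                                ("tampered", image + b"\x90", sig),
                                ("unsigned", image, None)]:
        print(label, oct(effective_mode(suid_mode, is_trusted(data, stored, key))))
```

Because the MAC uses a shared secret, whatever can verify a signature can also forge one, so the key has to be readable only by the checking side.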