I know it maybe it smells a little of DRM, but is anybody considering signed executables/modules.
I know RPM based distros are alread doing this type of thing as far as installing packages.
I think having the system refuse to run anything that might be suspect would be a very good way to increase security, and prevent rootkits in the first place, plus changed binaries would no longer match their signature, so rootkit versions of programs would spit out security violations instead of running.
As long as there is a secure way for adminstrator/user to resign an executable, or import/create new keys. Plus safeguard against executables detecting how they are signed (I'm not sure how this would be done) to avoid DRM like fuctionality.
There would also be levels of signature so an executable signed by a user could only be run by that user, but root would be able to sign for the systems of course the private key would have to be on the system for this to work. It would be the same for importing keys. Root could import for all, and users would import for themselves. Or a particular account other than root could be configured to skip signature tests for developers.
Also if a system needed extra security, all signing/importing could be disabled in such a way it can not be reconfigured without booting single user.
So is this even a good option? Is there to much overhead with all this signature checking? Is it imposible to stop this from being used for DRM. How would this work for non-binary languese (shell, perl, etc)
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds