On Thu, Apr 03, 2008 at 01:46:39PM +0200, Ivan Voras wrote: > Roland Smith wrote: > > On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote: > >> Does FreeBSD have support for digitally signed binary checking, similar to > >> what Linux has with bsign and DigSig, where system binaries are signed and > >> this signature is verified before being run in the kernel? > > > > If an attacker can modify binaries, he already has root privileges. In > > that case, what will stop him from creating a new pgp key and re-sign > > his doctered binaries? > > > >> This would be very useful to have to further tighen-down the system. > > > > As an alternative, on FreeBSD you can set the system immutable flag on > > binaries (see chflags(1)), and set the securelevel > 0. See > > init(8). Once this is set, not even root can undo this. You have to > > reboot to reset the securelevel to -1. > > Signing binaries could be naturally tied in with securelevel, where some > securelevel (1?) would mean kernel no longer accepts new keys.
If you set the system immutable flag on the binaries, you cannot modify them at all at securelevel >0. Signing the binaries would be pointless in that case. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
pgpWbasT2kYxd.pgp
Description: PGP signature