On Mon, May 03, 2004 at 10:13:29AM +0200, Andreas Kotes wrote:
> hm. thinking of that, ELF signing might help for only part of the
> system. nonetheless, having /sbin/init, the interpreters, basic system
> utilities (fbset, fdisk, e2fsck) verifiable without having to run a
> full-blown file modification system might be desirable ..

I wrote a program to do this some time ago. It's called bsign. While the idea is sound, there are some important hurdles for having it make a difference.

Aside from gpg bugs that were, last time I checked, still preventing the public key from residing on RO media, the crux of the matter is detection. I wrote a script to scan the executables every night and mail results to another machine. You can imagine all of the holes in that scheme. Actually, this is no worse than tripwire except that it doesn't check non-ELF files. It's better than tripwire because it *always* fits on a floppy.

A group in Canada was working on a kernel module that could block execution of programs without signatures. I don't know where they stand.

Cheers.
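
The nightly scan described in the message above, sketched as an added example; it is not bsign and not the author's script. A SHA-256 baseline stands in for the signatures, and all function names and sample files are assumptions constructed for illustration. The demo shows the limitation the message names: a modified non-ELF file is never reported.

```python
import hashlib
import os
import tempfile

ELF_MAGIC = b"\x7fELF"

def is_elf(path):
    """True if the file starts with the 4-byte ELF magic."""
    try:
        with open(path, "rb") as f:
            return f.read(4) == ELF_MAGIC
    except OSError:
        return False

def snapshot(root):
    """Map relative path -> SHA-256 for each regular ELF file under root."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path) or not is_elf(path):
                continue
            with open(path, "rb") as f:
                found[os.path.relpath(path, root)] = hashlib.sha256(f.read()).hexdigest()
    return found

def compare(baseline, current):
    """Report ELF files that changed, vanished, or appeared since the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "unexpected": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed tree: two stand-in ELF files and one shell script."""
    def write(root, name, data):
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    with tempfile.TemporaryDirectory() as root:
        write(root, "init", ELF_MAGIC + b"init-v1")
        write(root, "e2fsck", ELF_MAGIC + b"e2fsck-v1")
        write(root, "rc.local", b"#!/bin/sh\n")
        baseline = snapshot(root)
        write(root, "init", ELF_MAGIC + b"init-v2")        # changed ELF: reported
        write(root, "rc.local", b"#!/bin/sh\n# edited\n")  # changed script: not seen
        write(root, "dropped", ELF_MAGIC + b"new")         # new ELF: reported
        return baseline, compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo()[1])
```
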

