On Tue, Mar 31, 2015 at 10:10:31AM -0500, Joe Crivello wrote: > I can't think of any other scenarios right now, but I'd be interested to > hear if there is something I'm not thinking of...
Another scenario might be a non-admin user trying to run an unauthorized program. In that case, one could put the user's home directory on a partition mounted with the noexec option, so there would be no need for signing binaries. This still leaves open the problem with interpreted languages that Martin mentioned, but signed binaries won't prevent that either.
