On Wed, Sep 01, 2010 at 05:24:21PM -0400, Kenneth Gober wrote: > > it looks like an interesting idea, but I'm not sure what vulnerability it > protects you from.
Stupid things as dumb as someone diddling your path to run a trojan instead of ls, replacing a library file (or doing the same with LD_LIBRARY_PATH) or someone slipping trojans into system files. > if you don't want users to replace system files, it > seems like a better idea to prevent them from being replaced, rather than > allowing replacement but then preventing access. > Partially but veriexec will prevent unknown binaries running if you set the right flags so you are protected from running things that are not part of the validated file set. > not that the 'preventing access' problem is much of an obstacle. the > article I found via google didn't have a lot of details, but it seems like > if you have rights to replace the files, you probably also have rights to > write an updated signature to /dev/veriexec. The signatures are loaded at a low securelevel and once the securelevel is raised new signatures are not allowed to be loaded so you cannot just overwrite signatures. > if you're not going to require > the signatures to themselves be signed I really don't see the point. > Sure, but this requires crypto in the kernel. There are not many respected crypto implementations with an acceptable licence for incorporating into the kernel. > still, if some developer were interested enough to write a diff, there's > nothing stopping them. > Go look for "openbsd stephanie", it existed but was never integrated. -- Brett Lymn "Warning: The information contained in this email and any attached files is confidential to BAE Systems Australia. If you are not the intended recipient, any use, disclosure or copying of this email or any attachments is expressly prohibited. If you have received this email in error, please notify us immediately. VIRUS: Every care has been taken to ensure this email and its attachments are virus free, however, any loss or damage incurred in using this email is not the sender's responsibility. It is your responsibility to ensure virus checks are completed before installing any data sent in this email to your computer."