Dailydave mailing list archives
Re: Default Deny on Executables
From: miah <miah () chia-pet org>
Date: Wed, 14 Sep 2005 11:10:13 -0400
On Wed, Sep 14, 2005 at 08:35:04AM -0400, Dave Aitel wrote:
> By default your box can come from Dell only running EXE's that are signed by vendors you trust. This wouldn't be a bad idea for a GRSec'd distribution either, imo. If you assume that you can trust the kernel (which is a pretty big assumption, but not everyone is Paul Starzetz) you can do similar stuff without special hardware, I think. :>
>
> -dave

DigSig has basically done this. I've never tried it out, but I'd be interested to hear opinions of those that have.

http://disec.sourceforge.net/

# DigSig. This is a Linux kernel module, which checks RSA digital
# signatures of ELF binaries and libraries before they are run.
# Binaries are to be signed with BSign.

-miah