From: Chris Wright <chrisw@osdl.org>
To: Makan Pourzandi <Makan.Pourzandi@ericsson.com>
Cc: linux-kernel@vger.kernel.org,
Axelle Apvrille <axelle.apvrille@trusted-logic.fr>,
serue@us.ibm.com, david.gordon@ericsson.com, gaspoucho@yahoo.com
Subject: Re: [ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authentication of binaries
Date: Thu, 9 Sep 2004 09:24:57 -0700 [thread overview]
Message-ID: <20040909092457.L1973@build.pdx.osdl.net> (raw)
In-Reply-To: <41407CF6.2020808@ericsson.com>; from Makan.Pourzandi@ericsson.com on Thu, Sep 09, 2004 at 11:55:34AM -0400
* Makan Pourzandi (Makan.Pourzandi@ericsson.com) wrote:
> Hi all,
>
> DSI development team would like to announce the release 1.3.1 of digsig.
>
> This kernel module helps system administrators control Executable and
> Linkable Format (ELF) binary execution and library loading based on
> the presence of a valid digital signature. The main functionality is
> to help system administrators distinguish applications he/she trusts
> (and therefore signs) from viruses, worms (and other nuisances). It is
> based on the Linux Security Module hooks.
>
> The code is GPL and available from:
> http://sourceforge.net/projects/disec/, download digsig-1.3.1. For
> more documentation, please refer to disec.sourcefrge.net.
>
> I hope that it'll be useful to you.
>
> All bug reports and feature requests or general feedback are welcome
> (please CC me or disec-devel@lists.sourceforge.net in your answer or
> feedback to the mailing list).
>
> Regards,
> Makan Pourzandi
>
> Changes from Digsig release 0.2 announced in this mailing list:
> ================================================================
>
> - the verification of signatures for the shared binaries has been
> added.
> - added support for caching of signatures
> - added documentation for digsig
> - added support for revoked signatures
> - support to avoid vulnerability for rewrite of shared
> libraries
Could you elaborate on this one?
> - use sysfs to connect to the module instead of the char device
> - code clean up, and some bug fixes
>
> Future works
> =============
>
> - improving the caching and revocation: it is currently tested
> and will be sent out soon after stability testing
Should be helpful enough to cache result until thing's opened for
writing, or is that what you're doing now?
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
next prev parent reply other threads:[~2004-09-09 16:26 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-09 15:55 [ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authentication of binaries Makan Pourzandi
2004-09-09 16:24 ` Chris Wright [this message]
2004-09-09 17:23 ` Serge E. Hallyn
2004-09-09 17:42 ` Chris Wright
2004-09-09 18:43 ` Serge E. Hallyn
2004-09-09 17:31 ` Makan Pourzandi
2004-09-09 17:55 ` Chris Wright
2004-09-09 19:05 ` Serge E. Hallyn
2004-09-09 20:40 ` Makan Pourzandi
2004-09-09 21:03 ` Chris Wright
2004-09-09 21:45 ` Serge E. Hallyn
2004-09-10 21:28 ` Chris Wright
2004-09-10 20:53 ` Makan Pourzandi
2004-09-10 21:26 ` Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040909092457.L1973@build.pdx.osdl.net \
--to=chrisw@osdl.org \
--cc=Makan.Pourzandi@ericsson.com \
--cc=axelle.apvrille@trusted-logic.fr \
--cc=david.gordon@ericsson.com \
--cc=gaspoucho@yahoo.com \
--cc=linux-kernel@vger.kernel.org \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.