From: Makan Pourzandi <Makan.Pourzandi@ericsson.com>
To: Chris Wright <chrisw@osdl.org>
Cc: linux-kernel@vger.kernel.org,
Axelle Apvrille <axelle.apvrille@trusted-logic.fr>,
serue@us.ibm.com, david.gordon@ericsson.com, gaspoucho@yahoo.com
Subject: Re: [ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authentication of binaries
Date: Thu, 09 Sep 2004 13:31:36 -0400 [thread overview]
Message-ID: <41409378.5060908@ericsson.com> (raw)
In-Reply-To: <20040909092457.L1973@build.pdx.osdl.net>
Hi Chris,
Chris Wright wrote:
> * Makan Pourzandi (Makan.Pourzandi@ericsson.com) wrote:
>>
>>DSI development team would like to announce the release 1.3.1 of digsig.
...
>>
>>Changes from Digsig release 0.2 announced in this mailing list:
>>================================================================
>>
>> - the verification of signatures for the shared binaries has been
>> added.
>> - added support for caching of signatures
>> - added documentation for digsig
>> - added support for revoked signatures
>> - support to avoid vulnerability for rewrite of shared
>> libraries
>
>
> Could you elaborate on this one?
We realized that when a shared library is opened by a binary it can
still be modified. To solve the problem, we block the write access to
the shared binary while it is loaded.
>
>
>> - use sysfs to connect to the module instead of the char device
>> - code clean up, and some bug fixes
>>
>>Future works
>>=============
>>
>> - improving the caching and revocation: it is currently tested
>> and will be sent out soon after stability testing
>
>
> Should be helpful enough to cache result until thing's opened for
> writing, or is that what you're doing now?
>
This is what we're doing now, but we need to implement a hash table to
accelerate the lookup for the signatures.
Regards,
Makan
> thanks,
> -chris
--
Makan Pourzandi, Open Systems Lab
Ericsson Research, Montreal, Canada
*This email does not represent or express the opinions of Ericsson Inc.*
next prev parent reply other threads:[~2004-09-09 17:56 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-09 15:55 [ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authentication of binaries Makan Pourzandi
2004-09-09 16:24 ` Chris Wright
2004-09-09 17:23 ` Serge E. Hallyn
2004-09-09 17:42 ` Chris Wright
2004-09-09 18:43 ` Serge E. Hallyn
2004-09-09 17:31 ` Makan Pourzandi [this message]
2004-09-09 17:55 ` Chris Wright
2004-09-09 19:05 ` Serge E. Hallyn
2004-09-09 20:40 ` Makan Pourzandi
2004-09-09 21:03 ` Chris Wright
2004-09-09 21:45 ` Serge E. Hallyn
2004-09-10 21:28 ` Chris Wright
2004-09-10 20:53 ` Makan Pourzandi
2004-09-10 21:26 ` Chris Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41409378.5060908@ericsson.com \
--to=makan.pourzandi@ericsson.com \
--cc=axelle.apvrille@trusted-logic.fr \
--cc=chrisw@osdl.org \
--cc=david.gordon@ericsson.com \
--cc=gaspoucho@yahoo.com \
--cc=linux-kernel@vger.kernel.org \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.