* How to black list shared libraries and executable
From: Michael Frank @ 2004-03-04 7:10 UTC
To: kernel mailing list

Just wondering on how to build a kernel-level facility which would
require shared libraries and executables to be "keyed" or even
"signed" to run on linux.

This is to prevent execution of software not specifically authorized.

Applications:
- Improve security
- License management
- Prevent unauthorized software installation
- Black-listing e.g. SCO libraries and executables

Regards
Michael

* Re: How to black list shared libraries and executable
From: Chris Wright @ 2004-03-04 8:35 UTC
To: Michael Frank; +Cc: kernel mailing list

* Michael Frank (mhf@linuxmail.org) wrote:
> Just wondering on how to build a kernel-level facility which would
> require shared libraries and executables to be "keyed" or even
> "signed" to run on linux.

Take a look at Cryptomark or DigSig. They at least cover the
executables bit.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net

* Re: How to black list shared libraries and executable
From: Jes Sorensen @ 2004-03-04 9:40 UTC
To: Michael Frank; +Cc: kernel mailing list

>>>>> "Michael" == Michael Frank <mhf@linuxmail.org> writes:

Michael> Just wondering on how to build a kernel-level facility which
Michael> would require shared libraries and executables to be "keyed"
Michael> or even "signed" to run on linux.

Michael> This is to prevent execution of software not specifically
Michael> authorized.

The shared libraries are going to cause you 'issues' since these are
all loaded by the dynamic linker. All the kernel loads is ld.so, the rest
of them are mmap'ed from userland.

So if you want to take this approach, you would have to hack a special
ld.so that only allows your authorized libraries and only authorize
the kernel to load that dynamic linker. Otherwise you have to do
content validation for all mmap operations.

Jes
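
The point in the last reply, that libraries arrive as executable file mappings made from userland, can be seen from /proc/<pid>/maps. The following is an added example, not code from the thread or from Cryptomark/DigSig: a userland audit (after the fact, not kernel enforcement) that lists every file mapped executable and checks it against a SHA-256 allowlist. The function names, the allowlist format and the sample listing are assumptions made for illustration.

```python
import hashlib
import re

# /proc/<pid>/maps line: range perms offset dev inode [path]
MAPS_RE = re.compile(r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>[rwxsp-]{4})\s+[0-9a-f]+"
                     r"\s+\S+\s+(?P<inode>\d+)\s*(?P<path>.*)$")

# Constructed sample listing (not captured from a real system).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131 /bin/cat
0060a000-0060b000 rw-p 0000a000 08:01 131 /bin/cat
7f1c2a000000-7f1c2a1b0000 r-xp 00000000 08:01 542 /lib/libc.so.6
7f1c2a3c0000-7f1c2a3e2000 r-xp 00000000 08:01 530 /lib/ld-linux.so.2
7f1c2a400000-7f1c2a401000 r-xp 00000000 08:01 977 /tmp/libplugin.so (deleted)
7ffd5a1fe000-7ffd5a200000 r-xp 00000000 00:00 0 [vdso]
"""

def exec_file_mappings(maps_text):
    """Return sorted paths of files mapped with execute permission."""
    paths = set()
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line.strip())
        # Inode 0 means anonymous or pseudo mappings ([vdso], [heap], ...).
        if m and "x" in m["perms"] and m["inode"] != "0" and m["path"].startswith("/"):
            paths.add(m["path"])
    return sorted(paths)

def sha256_file(path):
    """Hash a file's current on-disk content in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit(maps_text, allowlist, digest=sha256_file):
    """Classify each executable file mapping against a {path: sha256} allowlist."""
    verdicts = {}
    for path in exec_file_mappings(maps_text):
        if path.endswith(" (deleted)"):
            verdicts[path] = "deleted"   # backing file unlinked; cannot re-hash by path
        elif path not in allowlist:
            verdicts[path] = "unlisted"
        else:
            try:
                verdicts[path] = "ok" if digest(path) == allowlist[path] else "mismatch"
            except OSError:
                verdicts[path] = "unreadable"
    return verdicts

if __name__ == "__main__":
    with open("/proc/self/maps") as f:   # Linux only; empty allowlist lists everything
        for path, verdict in audit(f.read(), {}).items():
            print(verdict, path)
```

Because the hash is taken by path after the mapping already exists, the file can change between mapping and check; validating at mmap time in the kernel, as the reply describes, is what closes that gap.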