From: Johannes Schlumberger <spjsschl@stud.informatik.uni-erlangen.de>
To: linux-kernel@vger.kernel.org
Subject: [PATCH] signed binaries support [0/4]
Date: Thu, 21 Jun 2007 17:55:16 +0200 [thread overview]
Message-ID: <20070621155516.GA6838@faui01.informatik.uni-erlangen.de> (raw)
Hi,
We (two students of CS) built a system for signing binaries and verifying them
before executing. Our main focus was to implement a way to inhibit execution
of suid-binaries, which are not trustworthy (i.e. not signed). Of course this
can also be used to grant other access rights, capabilities, etc.
The signature (e.g. HMAC-SHA1 with a shared secret) is stored in extended
filesystem attributes (userland-signing-tool provided) [1]. Depending on the
outcome of our check (performed during exec) a newly introduced flag in
the task_struct is set. To be able to also check libraries, we introduced a
similar flag in the vm_area struct. Depending on the state of the flag, the
suid/sgid bit on the file is honored or ignored. If a process behaves badly
(e.g mapping executable memory writable or loading an untrusted library) it
is handled appropriately (killed in our current implementation).
In the current state our code is of course very expermimental and should be
handled with care.
We mainly seek comments, suggestions and wisdom before we tackle the more
difficult tasks, like proper signatures (public-key-systems, etc.).
regards,
Johannes
[1] http://git.informatik.uni-erlangen.de/?p=ssuid-userland&a=snapshot;h=HEAD
--
Johannes Schlumberger Department of Computer Science IV
Martensstrasse 1 D-91058 Erlangen Germany University of Erlangen-Nuremberg
http://wwwcip.informatik.uni-erlangen.de/~spjsschl
next reply other threads:[~2007-06-21 16:05 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-06-21 15:55 Johannes Schlumberger [this message]
2007-06-21 16:17 ` [PATCH] signed binaries support [0/4] Adrian Bunk
2007-06-21 16:29 ` Alexander Wuerstlein
2007-06-21 17:23 ` Adrian Bunk
2007-06-21 17:34 ` Alexander Wuerstlein
2007-06-21 18:05 ` Adrian Bunk
2007-06-21 18:21 ` Johannes Schlumberger
2007-06-22 18:25 ` [PATCH] export xattr_resolve_name_sns [1/4] Alexander Wuerstlein
2007-06-22 18:25 ` [PATCH] Check files' signatures before doing suid/sgid [2/4] Alexander Wuerstlein
2007-06-22 19:36 ` Satyam Sharma
2007-06-24 22:58 ` Alexander Wuerstlein
2007-06-25 23:53 ` Satyam Sharma
2007-06-26 0:27 ` Alexander Wuerstlein
2007-06-26 2:13 ` Satyam Sharma
2007-06-23 17:54 ` Jan Engelhardt
2007-06-22 18:25 ` [PATCH] sns: check related executable memory of binaries [3/4] Alexander Wuerstlein
2007-06-22 18:25 ` [PATCH] sns: add syscall to check signed state of a process [4/4] Alexander Wuerstlein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070621155516.GA6838@faui01.informatik.uni-erlangen.de \
--to=spjsschl@stud.informatik.uni-erlangen.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).