Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files

To: Buddha Buck <bmbuck@acsu.buffalo.edu>
Cc: Debian-Devel <debian-devel@lists.debian.org>
Subject: Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
From: Ben Pfaff <pfaffben@pilot.msu.edu>
Date: 14 Dec 1998 10:30:00 -0500
Message-id: <[🔎] 87r9u2pwqv.fsf@pfaffben.user.msu.edu>
Reply-to: pfaffben@pilot.msu.edu
In-reply-to: Buddha Buck's message of "Mon, 14 Dec 1998 09:22:07 -0500"
References: <[🔎] E0zpYsy-0004yd-00@resnet217-203.resnet.buffalo.edu>

Buddha Buck <bmbuck@acsu.buffalo.edu> writes:

   I see the situation as analogous to virtually any digital signature 
   situation:  email, Debian packages, etc.  In order for someone to 
   modify the signed element surrupticiously, they would have to have 
   write access to the object being signed, and access to the private key 
   of the signatory.

Where is the key used for verifying signatures stored?  On the system
somewhere, presumably.  An attacker can substitute a different key as
well as recalculate signatures.  

Is this the weakness that people are implying exists?

Reply to:

Follow-Ups:
- Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
  - From: Oscar Levi <elf@buici.com>

References:
- Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
  - From: Buddha Buck <bmbuck@acsu.buffalo.edu>

Prev by Date: Re: DPLs: PAM?
Next by Date: Re: Proposed recompilation to remove dependency on libc6 2.0.7u
Previous by thread: Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
Next by thread: Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files
Index(es):
- Date
- Thread