
Re: PREVIEW: bsign embeds hash and/or digital signature in ELF files



On Mon, Dec 14, 1998 at 11:37:30AM -0500, Stainless Steel Rat wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> "OL" == Oscar Levi <elf@buici.com> writes:
> 
> OL> Where is the complexity?  How much simpler can it get than embedding
> OL> signatures in the files themselves?
> 
> Having a (redundantly stored, if necessary) database containing the
> complete path to the file and the file's signature.  It works regardless of
> file types, OS variant, and you can store other information such as time
> stamps, ownership and permissions.

And how is this better?

I have considered embedding other data in the signature block such as
permissions and timestamps.  I can imagine that one form of attack
would be to promote a banal executable to setuid root and use it to
reenter the system.

1) file types - It is true that I need to implement embedded
   signatures for other file types.  COFF is not interesting on
   GNU/Linux nor on Solaris, IIRC.  Besides, COFF is susceptible to
   embedding.  I haven't done it because I don't have any COFF files.
   If this is a big deal to someone, then they'll never switch from
   tripwire.  The fact is that executable formats don't change that
   often.  My code will (should?) work with any ELF derivative which
   is the most likely format to persist...besides COFF.  Note that
   Windows NT is the OS with the largest (one of the largest?)
   installed base of COFF binaries.
2) OS variant: again GNU/Linux is the current target.  Other systems
   may benefit, but it doesn't really matter to Debian.  Hurd is ELF,
   right? 
3) Time-stamps et al.:  These may be added trivially.  I make a
   comment about this in the README.  This version does none of it
   because it isn't necessary to demonstrate the concept.
4) Separate DB: I think this is a weakness because it means that if I
   lose the DB, I cannot know if the system has been tampered with.  With
   embedded certs, the system is implicitly verifiable.  We assert a
   couple of simple rules: all binaries and scripts are signed with
   Good Pat's key which is 0xfe78337....

> 
> >> Take a look at what Tripwire does.
> OL> Where can I find that?
> 
> The COAST archive at <URL:http://www.cs.purdue.edu/coast/> is the canonical
> source for Tripwire, both code and information about it.

It is also in Debian.

> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v0.4.5 (GNU/Linux)
> Comment: For info finger gcrypt@ftp.guug.de
> 
> iD8DBQE2dT7Igl+vIlSVSNkRArqqAKDcpG61ZfRVus02nBE5xZuxufkaQwCffNoX
> h0YYOuN3qypOmOQh4C0Trx4=
> =yRA3
> -----END PGP SIGNATURE-----
> 
> -- 
> Rat <ratinox@peorth.gweep.net>    \ If Happy Fun Ball begins to smoke, get
> PGP Key: at a key server near you! \ away immediately. Seek shelter and cover
> GPG Key: same as my PGP 5 (DH) key  \ head.
> 
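As an added illustration, not code from this thread, from bsign or from Tripwire: a minimal Tripwire-style integrity database in Python. For each full path it records a SHA-1 of the contents together with the metadata the reply lists (permissions, ownership, size, modification time) and later re-checks the file against the record. It reports the case Oscar raises, a formerly ordinary executable turning up setuid, as an explicit finding separate from plain content changes. The sample file, its path and the field names are constructed for the example. Such a database is only as trustworthy as its own protection (a signature over it, or storage the attacker cannot reach), which is exactly the trade-off against embedded signatures that the thread is about.

```python
import hashlib
import os
import stat
import tempfile

SETID_BITS = stat.S_ISUID | stat.S_ISGID


def fingerprint(path):
    """Integrity record for one file: content hash plus the metadata the
    thread mentions (permissions, ownership, size, modification time)."""
    st = os.lstat(path)
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {
        "sha1": h.hexdigest(),
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
        "mtime": int(st.st_mtime),
    }


def build_db(paths):
    """Baseline: full path -> record, taken on a system believed to be clean."""
    return {os.path.abspath(p): fingerprint(p) for p in paths}


def check_db(db):
    """Compare every recorded file with its current state.  Returns
    path -> list of changed fields.  A file that is setuid/setgid now but
    was not at baseline gets an extra, explicit finding."""
    findings = {}
    for path, recorded in db.items():
        if not os.path.lexists(path):
            findings[path] = ["missing"]
            continue
        current = fingerprint(path)
        changed = [k for k in recorded if recorded[k] != current[k]]
        if current["mode"] & SETID_BITS and not recorded["mode"] & SETID_BITS:
            changed.append("setid-added")
        if changed:
            findings[path] = changed
    return findings


def demo():
    """Constructed scenario: baseline a small script, then change its mode
    to setuid, then restore the mode and alter its contents, checking the
    database after each step."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "banal")
        with open(path, "wb") as f:
            f.write(b"#!/bin/sh\necho hello\n")  # constructed sample file
        os.chmod(path, 0o755)
        db = build_db([path])
        key = os.path.abspath(path)

        results = {"clean": check_db(db).get(key, [])}

        os.chmod(path, 0o4755)  # the setuid promotion described in the mail
        results["setuid"] = check_db(db).get(key, [])

        os.chmod(path, 0o755)  # mode back to baseline, now alter the contents
        with open(path, "ab") as f:
            f.write(b"echo extra\n")
        results["content"] = check_db(db).get(key, [])
        return results


if __name__ == "__main__":
    for step, changed in demo().items():
        print(f"{step:8s} {changed or 'ok'}")
```

Note that chmod updates a file's ctime but not its mtime, so a record holding only a hash and a timestamp would not notice the setuid promotion at all; that is why the mode (and ownership) belong in the record, whether it lives in a database like this or in an embedded signature block.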

