[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Makeing Debian more secure - sign binaries with elfsign?


I've stumbled over elfsign (on http://www.hick.org/code.html) a while
ago, which is a tool that allows cryptographic in-file signing of the
executable and other parts of ELF binaries. I've been pondering about
this for a while, and keep on thinking that this would be a great idea
for distributions like Debian etc. ...

I'd love to have some discussion about this approaches here, before
taking it to individual developers or to the policy team ..

What do you think? Signed binaries instead of tools like tripwire or
aide et all?

There is a tool (elfcmp) which allows to compare on-disk and in-memory
ELF files, too ...

Kind regards,


Andreas Kotes - ICQ: 3741366 - The views expressed herein are (only) mine!
Follow the path of the unsafe, independent thinker. Expose your ideas to the
danger of controversy. Speak your mind and fear less the label of "crackpot"
than the stigma of conformity. (Thomas J. Watson) ### OpenPGP key 0x8F94C228

Reply to: