Re: Makeing Debian more secure - sign binaries with elfsign?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Please stop cc:ing me. List policy is not to do that, please respect
that.
On Monday 03 May 2004 10.13, Andreas Kotes wrote:
> system. nonetheless, having /sbin/init, the interpreters, basic
> system utilities (fbset, fdisk, e2fsck) verifyable without having to
> run a full-blown file modification system might be desirable ..
What I was aiming at: Debian has most of this infrastructure already in
place: md5sums are mostly there, and the necessary software for signed
debs is afaik mostly written.
So on every Debian system, you essentially already have 90% of a
full-blown file modification detection system.
Of course, elf signing, if in the kernel, might have the advantage of
not allowing to execute unsigned binaries - but I guess that is not the
quick solution to check important system files that you're after.
greetings
- -- vbi
- --
Por la boca muere el pez.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481
iKcEARECAGcFAkCXPddgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw
NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l64rgAoInADIQVd70eWCfaujGuUK8i
7AmDAJ4nrOw2DQLuCrx0C7i1nVUbT16exw==
=XVeI
-----END PGP SIGNATURE-----
Reply to: