Re: Makeing Debian more secure - sign binaries with elfsign?

[Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please stop cc:ing me. List policy is not to do that, please respect 
that.

On Monday 03 May 2004 10.13, Andreas Kotes wrote:

> system. nonetheless, having /sbin/init, the interpreters, basic
> system utilities (fbset, fdisk, e2fsck) verifyable without having to
> run a full-blown file modification system might be desirable ..

What I was aiming at: Debian has most of this infrastructure already in 
place: md5sums are mostly there, and the necessary software for signed 
debs is afaik mostly written.

So on every Debian system, you essentially already have 90% of a 
full-blown file modification detection system.

Of course, elf signing, if in the kernel, might have the advantage of 
not allowing to execute unsigned binaries - but I guess that is not the 
quick solution to check important system files that you're after.

greetings
- -- vbi

- -- 
Por la boca muere el pez.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

iKcEARECAGcFAkCXPddgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw
NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l64rgAoInADIQVd70eWCfaujGuUK8i
7AmDAJ4nrOw2DQLuCrx0C7i1nVUbT16exw==
=XVeI
-----END PGP SIGNATURE-----