On Sunday 12 July 2009 6:11:23 pm Jason C. Wells wrote:
> Is there a method by which we can check the consistency of an executable
> or library prior to trusting it for execution? For example, if the file
> doesn't exist in the list of trusted files or the checksums do not match
> then do not allow execution and write a warning message to the log. I
> could do this manually with existing features like mtree. It would be
> nice if the system could do it for me.

I believe csjp@ has a MAC module to store checksums of trusted executables in the kernel and to fail execve() if the executable is not a known trusted binary.

--
John Baldwin
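
A userspace version of the check asked about in this thread, added here as an example; it is not csjp@'s MAC module or any FreeBSD code. The names `open_if_trusted` and `trusted_exec`, the SHA-256 path-to-digest dictionary and the sample file are assumptions made for the illustration, and it assumes a platform where `os.execve` accepts a file descriptor.

```python
import hashlib
import logging
import os
import tempfile

def sha256_fd(fd):
    """Hash the file behind an already-open descriptor."""
    h = hashlib.sha256()
    while chunk := os.read(fd, 65536):
        h.update(chunk)
    return h.hexdigest()

def open_if_trusted(path, trusted):
    """Return an open fd if path is listed and its digest matches, else None."""
    real = os.path.realpath(path)
    if real not in trusted:
        logging.warning("denied %s: not in trusted list", real)
        return None
    fd = os.open(real, os.O_RDONLY)
    actual = sha256_fd(fd)
    if actual != trusted[real]:
        os.close(fd)
        logging.warning("denied %s: checksum mismatch (got %s)", real, actual)
        return None
    return fd

def trusted_exec(path, argv, trusted):
    """Exec path only if trusted; returns False when execution is refused."""
    fd = open_if_trusted(path, trusted)
    if fd is None:
        return False
    # Exec the hashed descriptor, not the path, so swapping the path between
    # check and exec has no effect (assumes os.execve is in os.supports_fd).
    os.execve(fd, argv, os.environ)

def demo():
    """Constructed sample: a listed file, the same file tampered, an unlisted path."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.realpath(os.path.join(d, "tool"))
        data = b"constructed sample binary\n"
        with open(path, "wb") as f:
            f.write(data)
        trusted = {path: hashlib.sha256(data).hexdigest()}
        fd = open_if_trusted(path, trusted)
        os.close(fd)
        with open(path, "ab") as f:
            f.write(b"tampered")
        return (fd is not None, open_if_trusted(path, trusted),
                open_if_trusted(os.path.join(d, "other"), trusted))
```

A wrapper like this only covers programs launched through it, and in-place writes to the same inode after hashing are not caught; enforcing the check inside `execve()` itself, as the MAC module mentioned above is said to do, covers every exec on the system.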