Roland Smith wrote: > On Wed, Apr 02, 2008 at 03:09:59PM -0400, Forrest Aldrich wrote: >> Does FreeBSD have support for digitally signed binary checking, similar to >> what Linux has with bsign and DigSig, where system binaries are signed and >> this signature is verified before being run in the kernel? > > If an attacker can modify binaries, he already has root privileges. In > that case, what will stop him from creating a new pgp key and re-sign > his doctered binaries? > >> This would be very useful to have to further tighen-down the system. > > As an alternative, on FreeBSD you can set the system immutable flag on > binaries (see chflags(1)), and set the securelevel > 0. See > init(8). Once this is set, not even root can undo this. You have to > reboot to reset the securelevel to -1.
Signing binaries could be naturally tied in with securelevel, where some securelevel (1?) would mean kernel no longer accepts new keys. > The only weakness is that the securelevel is set quite late in the boot > process. An attacker could compromise the system if he gets access > before the securelevel is set.
signature.asc
Description: OpenPGP digital signature
