Valerie Anne Bubb wrote:
On Sat, 6 May 2006, Martin Schaffstall wrote:
I just had an idea: Would it be useful/feasible to sign all
executabley in Solaris with a cryptographic key and only allow
execution of signed binaries then? Would this help to improve system
security?
Hi Martin -
It may be useful, and in fact we thought of it in Solaris 10.
At least all of ON is cryptographicly signed for Solaris 10.
Except for plugins to the Solaris Cryptographic Framework,
none of the signatures are currently checked at run time.
It is much more than just ON that is signed it is almost everything in
Solaris. Why almost ? there are a very small number of things on the
exception list due to bugs in the binaries or the signing technology.
Almost all of those are signed in the current SX releases.
--
Darren J Moffat
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
