Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-25 Satyam Sharma
On 6/26/07, Alexander Wuerstlein <[EMAIL PROTECTED]> wrote: [...] Nope. I unluckily wrote 'userspace' where I should have said something else: Chain-of-trust is handled in what I would label 'Adminspace' (Where we do the signing as in points 1 and 2). There is a very small number of signatures (i

Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-25 Alexander Wuerstlein
On 070626 01:56, Satyam Sharma <[EMAIL PROTECTED]> wrote: > On 6/25/07, Alexander Wuerstlein > <[EMAIL PROTECTED]> wrote: >> On 070622 21:40, Satyam Sharma <[EMAIL PROTECTED]> wrote: >> > [...] >> We decided against >> altering the file itself for that and some other reasons. >> The limitation to s

Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-25 Satyam Sharma
On 6/25/07, Alexander Wuerstlein <[EMAIL PROTECTED]> wrote: On 070622 21:40, Satyam Sharma <[EMAIL PROTECTED]> wrote: > [...] > But first: Have you checked the digsig project? It's been doing > (for some time) what your current patchset proposes -- and > it uses public key cryptosystems for the k

Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-25 Johannes Schlumberger
Hi, > >If a process uses read() it needs some executable and writable memory. We do > >check for this in mprotect(). There is a problem with the i386-architecture, > >because it allows execution of any readable page (except with newer > >processors). But beyond that ugliness of i386, it should no

Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-24 Alexander Wuerstlein
On 070622 21:40, Satyam Sharma <[EMAIL PROTECTED]> wrote: > Hi Alexander, Johannes, > > But first: Have you checked the digsig project? It's been doing > (for some time) what your current patchset proposes -- and > it uses public key cryptosystems for the key management, > which is decidedly better

Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-23 Jan Engelhardt
On Jun 21 2007 19:46, Alexander Wuerstlein wrote: > >If a process uses read() it needs some executable and writable memory. We do >check for this in mprotect(). There is a problem with the i386-architecture, >because it allows execution of any readable page (except with newer >processors). But bey

Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-23 Jan Engelhardt
On Jun 22 2007 20:25, Alexander Wuerstlein wrote: >+#ifdef CONFIG_SNS_SIGNED >+#include >+#endif > > #include > #include >@@ -928,13 +931,21 @@ int prepare_binprm(struct linux_binprm *bprm) > mode = inode->i_mode; > if (bprm->file->f_op == NULL) > return -EACCES; >+#i
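
Review bot: the "#ifdef CONFIG_SNS_SIGNED" / "#endif" pair wrapped around the added "#include" at the top of the quoted patch would be better dropped: include the header unconditionally and let the header itself provide empty inline stubs when CONFIG_SNS_SIGNED is off, so that conditional compilation stays out of the .c file and prepare_binprm() needs no #ifdef of its own. The header name is missing from the "#include" lines as shown on this page, and the prepare_binprm() hunk is cut off at "+#i", so the check it adds after the f_op test cannot be reviewed from here.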

Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-22 Satyam Sharma
Hi Alexander, Johannes, [ Added linux-crypto to Cc: ] Wow, this is _one_ *intrusive* patchset indeed :-) But first: Have you checked the digsig project? It's been doing (for some time) what your current patchset proposes -- and it uses public key cryptosystems for the key management, which is d

[PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-22 Alexander Wuerstlein
Modified task_struct to hold a 'signed flag' which is set on exec(), inherited on fork() and checked during exec before giving the new process suid/sgid privileges. sns.c contains our helper functions to verify the signatures. sns_secret_key.dat contains the 'secret key' which is used for HMAC. S

Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-21 Johannes Schlumberger
Hi, > > If a process uses read() it needs some executable and writable memory. We do > > check for this in mprotect(). There is a problem with the i386-architecture, > > because it allows execution of any readable page (except with newer > > processors). But beyond that ugliness of i386, it should

Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-21 Arjan van de Ven
On Thu, 2007-06-21 at 19:46 +0200, Alexander Wuerstlein wrote: > On 070621 19:33, Arjan van de Ven <[EMAIL PROTECTED]> wrote: > > On Thu, 2007-06-21 at 19:25 +0200, Alexander Wuerstlein wrote: > > > On 070621 19:21, Arjan van de Ven <[EMAIL PROTECTED]> wrote: > > > > On Thu, 2007-06-21 at 18:02 +02

Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-21 Alexander Wuerstlein
On 070621 19:33, Arjan van de Ven <[EMAIL PROTECTED]> wrote: > On Thu, 2007-06-21 at 19:25 +0200, Alexander Wuerstlein wrote: > > On 070621 19:21, Arjan van de Ven <[EMAIL PROTECTED]> wrote: > > > On Thu, 2007-06-21 at 18:02 +0200, Alexander Wuerstlein wrote: > > > > Modified task_struct to hold a

Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-21 Arjan van de Ven
On Thu, 2007-06-21 at 19:25 +0200, Alexander Wuerstlein wrote: > On 070621 19:21, Arjan van de Ven <[EMAIL PROTECTED]> wrote: > > On Thu, 2007-06-21 at 18:02 +0200, Alexander Wuerstlein wrote: > > > Modified task_struct to hold a 'signed flag' which is set on exec(), > > > inherited > > > on fork(

Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-21 Alexander Wuerstlein
On 070621 19:21, Arjan van de Ven <[EMAIL PROTECTED]> wrote: > On Thu, 2007-06-21 at 18:02 +0200, Alexander Wuerstlein wrote: > > Modified task_struct to hold a 'signed flag' which is set on exec(), > > inherited > > on fork() and checked during exec before giving the new process suid/sgid > > pri

Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-21 Arjan van de Ven
On Thu, 2007-06-21 at 18:02 +0200, Alexander Wuerstlein wrote: > Modified task_struct to hold a 'signed flag' which is set on exec(), inherited > on fork() and checked during exec before giving the new process suid/sgid > privileges. > do you also check the signature of glibc and every other sh

[PATCH] Check files' signatures before doing suid/sgid [2/4]

2007-06-21 Alexander Wuerstlein
Modified task_struct to hold a 'signed flag' which is set on exec(), inherited on fork() and checked during exec before giving the new process suid/sgid privileges. sns.c contains our helper functions to verify the signatures. sns_secret_key.dat contains the 'secret key' which is used for HMAC. S