Hi Anand,

Anand Vaidya wrote:
> I am interested in knowing whether any of the list-members have ever used ELF
> Signatures? If so, what is/was your experience, esp. when you distribute
> code?
> Or, are there any major projects / commercial software that use ELF
> signatures? Google can't find any...

I have not used them but I do remember one issue with them - prelinking
does not work as this requires the executables and libraries to be
re-written in-place on the system they are deployed on.

Also I know that they (ELF signatures) are mostly handled in userspace
due to the dynamic linker. Only the loading of ld.so is verified by the
kernel and ld.so has to do the rest in userspace (at least that is what
the kernel developers told the ELF signature proponents IIRC - go do it
in userspace and set immutable attribute on ld.so, drop chattr capability).

There does need to be a chain of trust established from boot (TPM), and
userspace needs kernel support - but probably because this is a sort of
DRM type technology, it didn't seem to take off in the Linux kernel
community as this is sort of counter to many of the goals of the GPL
i.e. technology to prohibit changing of code e.g. TiVo or whatever
device that you can no longer hack.

Whatever happened to pre-linking BTW? I remember having a crontab that
did this some time ago but it is not present in my current Ubuntu
system. I guess pre-linking is incompatible with the address space
randomization [1] that they are doing nowadays in the dynamic linker.
I believe OS X still uses pre-linking (the "Optimizing system" part when
installing a pkg) to reduce application start times.

~mc
[1]
[EMAIL PROTECTED]:~$ ldd /bin/ls
linux-vdso.so.1 => (0x00007fffa27fe000)
librt.so.1 => /lib/librt.so.1 (0x00007f639a22b000)
libselinux.so.1 => /lib/libselinux.so.1 (0x00007f639a00f000)
libacl.so.1 => /lib/libacl.so.1 (0x00007f6399e07000)
libc.so.6 => /lib/libc.so.6 (0x00007f6399a95000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007f6399879000)
/lib64/ld-linux-x86-64.so.2 (0x00007f639a434000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f6399675000)
libattr.so.1 => /lib/libattr.so.1 (0x00007f6399470000)
[EMAIL PROTECTED]:~$ ldd /bin/ls
linux-vdso.so.1 => (0x00007fff51bff000)
librt.so.1 => /lib/librt.so.1 (0x00007f40497c8000)
libselinux.so.1 => /lib/libselinux.so.1 (0x00007f40495ac000)
libacl.so.1 => /lib/libacl.so.1 (0x00007f40493a4000)
libc.so.6 => /lib/libc.so.6 (0x00007f4049032000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007f4048e16000)
/lib64/ld-linux-x86-64.so.2 (0x00007f40499d1000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f4048c12000)
libattr.so.1 => /lib/libattr.so.1 (0x00007f4048a0d000)
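
Added example, not part of the original message: a Python sketch that parses the two `ldd /bin/ls` captures from footnote [1], then reports for each object whether its load address changed between runs and whether it kept the same distance from libc. The function names and the abridged sample are this example's own choices.

```python
import re

# Constructed input: four lines from each `ldd /bin/ls` capture quoted in the message.
RUN_1 = """\
linux-vdso.so.1 => (0x00007fffa27fe000)
libc.so.6 => /lib/libc.so.6 (0x00007f6399a95000)
/lib64/ld-linux-x86-64.so.2 (0x00007f639a434000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f6399675000)
"""
RUN_2 = """\
linux-vdso.so.1 => (0x00007fff51bff000)
libc.so.6 => /lib/libc.so.6 (0x00007f4049032000)
/lib64/ld-linux-x86-64.so.2 (0x00007f40499d1000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f4048c12000)
"""

# First token is the object name; the address is the trailing "(0x...)".
LINE = re.compile(r"^\s*(\S+)\s.*\((0x[0-9a-fA-F]+)\)\s*$")


def parse_ldd(text):
    """Map each object name in ldd output to its load address."""
    bases = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # lines without an address ("not found", "statically linked") are skipped
            bases[m.group(1)] = int(m.group(2), 16)
    return bases


def compare_runs(first, second, anchor="libc.so.6"):
    """For each object seen in both runs: did it move, and did its distance
    from `anchor` stay the same (the objects were shifted as one block)?"""
    a, b = parse_ldd(first), parse_ldd(second)
    if anchor not in a or anchor not in b:
        raise ValueError(f"{anchor} missing from one of the captures")
    return {
        name: {
            "moved": a[name] != b[name],
            "same_offset": a[name] - a[anchor] == b[name] - b[anchor],
        }
        for name in a.keys() & b.keys()
    }


if __name__ == "__main__":
    for name, r in sorted(compare_runs(RUN_1, RUN_2).items()):
        print(f"{name:30} moved={r['moved']} same_offset_from_libc={r['same_offset']}")
```

On these captures every object moved between runs; ld.so and libdl kept their offset from libc, while linux-vdso did not.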