I realize this is an ancient question but I just now found it.

I wrote signed executable support for the Linux kernel (around version 2.4.3) a while back, and had the entire toolchain in place for signing executables, checking the signatures at execve(2) time, caching the signature validation information (clearing the validation when the file was opened for writing or otherwise modified), embedding the signatures into arbitrary ELF programs, etc. It did introduce some performance penalties upon the first execution of every program (because the kernel had to load in the entire file, rather than just demand-page the needed pages) but once the system was in a steady-state, it worked well.

But we decided to stop pursuing it because it faced several problems that were too large to justify the complexity:

We had not yet built support for signed libraries. Signed libraries would require also modifying the ld.so loader and the dlopen(3) mechanism. This wasn't impossible but did complicate the interface: should we have the loader ask the kernel to validate a signature or should the computation be done entirely in userspace? How would one protect against a strace(2)d process if this portion of the validation is done in userspace? Would we be forced to forbid strace(2) entirely on such a system? What would we do about programs that supply their own loader?

A great many programs are written in languages that do not compile to ELF objects. We would need to provide language-specific modifications to bash, perl, python, java, awk, sed, and so on, for each of the interpreters to be able to also validate signatures. Since most of these programs are free-format plain text they lack the structure that made embedding digital signatures into ELF object files so easy. Where would the signatures be stored? In the scripts? In extended attributes? In an external database of signatures?

Many interpreters are wide open about what they allow; bash(1) can communicate with remote systems entirely on its own using echo and /dev/tcp, and can easily be tricked into executing anything an attacker needs doing. Signed or not, you couldn't trust them once they were under control of a hacker.
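
A userspace model of the mechanism the post describes (verify at exec time, cache the result, drop the cached validation when the file changes), added here as an example and not the author's kernel code. HMAC-SHA256 with a constructed key stands in for a real digital signature, the signatures live in a dict as the "external database" option, and `ExecGate`, `may_exec` and the stat-based change check are assumptions of this example; the kernel version cleared validation when the file was opened for writing.

```python
import hashlib, hmac, os, tempfile

KEY = b"constructed-demo-key"  # assumption: stands in for a real signing key

class ExecGate:
    """Userspace model of verify-at-exec with a validation cache."""
    def __init__(self, key):
        self.key = key
        self.sigs = {}       # path -> tag: the "external database" option
        self.cache = {}      # (dev, inode) -> (mtime_ns, size) when validated
        self.full_reads = 0  # whole-file reads triggered by may_exec

    def _tag(self, path):
        h = hmac.new(self.key, digestmod=hashlib.sha256)
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.digest()

    def sign(self, path):
        self.sigs[path] = self._tag(path)

    def may_exec(self, path):
        st = os.stat(path)
        ident, state = (st.st_dev, st.st_ino), (st.st_mtime_ns, st.st_size)
        if self.cache.get(ident) == state:
            return True                  # steady state: no re-read
        self.cache.pop(ident, None)      # file changed: drop old validation
        self.full_reads += 1             # first-exec cost: read the entire file
        want = self.sigs.get(path)
        ok = want is not None and hmac.compare_digest(want, self._tag(path))
        if ok:
            self.cache[ident] = state
        return ok

def demo():
    gate = ExecGate(KEY)
    with tempfile.TemporaryDirectory() as d:
        prog = os.path.join(d, "prog")
        with open(prog, "wb") as f:
            f.write(b"\x7fELF constructed sample bytes")
        gate.sign(prog)
        first = gate.may_exec(prog)      # validated by reading the whole file
        second = gate.may_exec(prog)     # served from the cache
        reads = gate.full_reads
        with open(prog, "ab") as f:
            f.write(b" tampered")        # size changes, so the cache entry dies
        third = gate.may_exec(prog)      # re-read, tag no longer matches
    return first, second, reads, third

if __name__ == "__main__":
    print(demo())
```

Comparing stat metadata is weaker than hooking the write path: a change that preserves size and timestamp would keep a stale cache entry, which is why the post ties invalidation to the open-for-write event itself.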