Linux Users' Group of Davis (LUGOD)
 
Page last updated:
2008 Aug 21 07:45

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

[vox-tech] Linux file/module security proposal.

First some background.

I was pondering recent security discussions. The weakness of file checksums is 
mostly that they are checked at scan time, not at runtime.  Also, it's trivial 
(i.e. the default behavior for current hacks) to read a valid checksum but 
execute the corrupted binary.  Of course, offline tripwire usage will find the 
official binaries in the official places with the official checksums.

CentOS/Ubuntu (and many others, I'm sure) distribute file checksums with their 
packages and sign their packages.

What we really need is runtime checking of binaries, preferably requiring 
them to be signed.  That way an admin can maintain a list of signatures that 
they trust, yet any hacker who tries to introduce trojan binaries or kernel 
rootkits would find that they don't work.

The problem is that none of the Unix-like operating systems seem to be heading 
in this direction, not even OpenBSD (which seems to be the most security 
conscious).  Actually, I just discovered that RHEL kernels have GPG-signed 
modules, although I'm unclear at the moment whether it's just a support thing 
(i.e. you can check under /proc if a driver is official) or whether you can 
limit loading to official binaries only.

So the proposal:

A mirror that downloads a distribution, checks the package signature and, if it 
is valid, breaks the package open, signs all the binaries, rebuilds the package, 
and signs the package with a new key.

The biggest downside (IMO) is that you have to trust that mirror as much as 
you used to have to trust the distro maintainer (i.e. Red Hat, Ubuntu, or Debian).

So would you use such a mirror to protect against trojan binaries and kernel 
modules?  Why?  Why not?  Can you think of a better approach?
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
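The two pieces the post asks about, a mirror that re-signs a distribution's binaries under its own key and a load-time check against an admin-maintained list of trusted signers, as an added Go example. This is not code from the post or from any distribution's packaging or kernel tooling. It assumes Ed25519 detached signatures from Go's standard library as a stand-in for the GPG signatures the post mentions, a package "manifest" that is just the SHA-256 of each file signed by the distro key as a stand-in for a signed .rpm/.deb, and constructed file names and contents in place of real ELF binaries and .ko modules.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Binary is one file from a package; Sig is a detached Ed25519 signature over Body.
type Binary struct {
	Name string
	Body []byte
	Sig  []byte
}

// Package stands in for a signed .rpm/.deb: every file's SHA-256, signed by the distro key.
type Package struct {
	Files       []Binary
	ManifestSig []byte
}

func manifest(files []Binary) []byte {
	h := sha256.New()
	for _, f := range files {
		sum := sha256.Sum256(f.Body)
		h.Write(sum[:])
	}
	return h.Sum(nil)
}

func BuildPackage(distroPriv ed25519.PrivateKey, files []Binary) Package {
	return Package{Files: files, ManifestSig: ed25519.Sign(distroPriv, manifest(files))}
}

var ErrBadPackage = errors.New("package signature does not verify against the distro key")
var ErrUntrusted = errors.New("binary is not signed by any trusted key")

// Resign is the proposed mirror step: verify the upstream signature, then sign every
// file with the mirror's key. A package that fails verification is never re-signed.
func Resign(pkg Package, distroPub ed25519.PublicKey, mirrorPriv ed25519.PrivateKey) ([]Binary, error) {
	if !ed25519.Verify(distroPub, manifest(pkg.Files), pkg.ManifestSig) {
		return nil, ErrBadPackage
	}
	out := make([]Binary, len(pkg.Files))
	for i, f := range pkg.Files {
		out[i] = Binary{Name: f.Name, Body: f.Body, Sig: ed25519.Sign(mirrorPriv, f.Body)}
	}
	return out, nil
}

// TrustStore is the admin's list of signer keys trusted at load time.
type TrustStore map[string]ed25519.PublicKey

// VerifyAtLoad is the runtime check: it vouches only for the exact bytes it is handed,
// so it must be fed what the loader is about to execute, not what a scanner read earlier.
func (t TrustStore) VerifyAtLoad(b Binary) (string, error) {
	for signer, pub := range t {
		if ed25519.Verify(pub, b.Body, b.Sig) {
			return signer, nil
		}
	}
	return "", ErrUntrusted
}

// Result records what each check concluded in Scenario.
type Result struct {
	MirrorSigner string // signer VerifyAtLoad found for the mirror-signed file
	TamperedOK   bool   // runtime check accepted a modified body under the old signature?
	AttackerOK   bool   // runtime check accepted a trojan signed with an untrusted key?
	ForgedPkgErr error  // Resign's verdict on a package altered after the distro signed it
}

// Scenario runs the whole flow with fresh keys on constructed sample files.
func Scenario() (Result, error) {
	distroPub, distroPriv, _ := ed25519.GenerateKey(rand.Reader)
	mirrorPub, mirrorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	files := []Binary{{Name: "/bin/ls", Body: []byte("ELF ls v1")}, // constructed stand-ins for
		{Name: "/lib/modules/e1000.ko", Body: []byte("ELF e1000 module")}} // an ELF binary and a .ko
	signed, err := Resign(BuildPackage(distroPriv, files), distroPub, mirrorPriv)
	if err != nil {
		return Result{}, err
	}
	r, trust := Result{}, TrustStore{"mirror": mirrorPub} // the admin trusts the mirror key only
	r.MirrorSigner, _ = trust.VerifyAtLoad(signed[0])
	tampered := signed[0] // keeps the mirror signature, swaps the bytes
	tampered.Body = []byte("ELF ls v1 + backdoor")
	_, err = trust.VerifyAtLoad(tampered)
	r.TamperedOK = err == nil
	trojan := Binary{Name: "/bin/ls", Body: tampered.Body} // attacker signs it himself
	trojan.Sig = ed25519.Sign(attackerPriv, trojan.Body)
	_, err = trust.VerifyAtLoad(trojan)
	r.AttackerOK = err == nil
	forged := BuildPackage(distroPriv, files) // file swapped after the distro signed it
	forged.Files = []Binary{trojan, files[1]}
	_, r.ForgedPkgErr = Resign(forged, distroPub, mirrorPriv)
	return r, nil
}

func main() { r, err := Scenario(); fmt.Printf("%+v err=%v\n", r, err) }
```

Run it with `go run`. Two points from the post are visible in the result: the trust store holds only the mirror's key, which is exactly the trust the post says you would be moving from the distro to the mirror; and VerifyAtLoad only vouches for the bytes it is handed, so in a real system it has to sit where the bytes are mapped for execution (the kernel's exec path or module loader), otherwise a rootkit that serves a scanner the pristine file keeps the same advantage it has over a checksum database.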


LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.