[linux-elitists] System-wide certification key (equivalent of root access)

Greg KH greg@kroah.com
Fri Jan 18 11:13:27 PST 2002


On Fri, Jan 18, 2002 at 10:53:17AM -0800, Seth David Schoen wrote:
> 
> So another possible application is setuid scripts.

A number of people have pseudo working implementations for something
like this for Linux.  Here's the different projects that I have seen
(none of them are public from what I can tell, so there's code for
people to play with, yet...)

 - kernel can only load modules signed with a proper key.
   This keeps modules that are not "blessed" with a distro's key from
   being able to be loaded.  Makes tech support much easier.  Microsoft
   does much the same thing.

 - kernel only executes binaries or scripts signed with a proper key.
   If the binary/script is not signed, then a host of options are
   available:
   	- run the program with no privileges
	- don't run the program
	- run the program, but let someone know about it.

I had the second option working in a lab, but was incredibly slow.

Wait, it did finally get released, see:
	http://www.immunix.org/CryptoMark/cryptomark-1.0.tar.gz
It uses gpg as a crypto library, which I proved is a _very_ bad thing to
do in kernel space (slow and leaks memory over time.)

I started to port the code to using the SSL library, but left WireX
before I finished it.  Hopefully someone is still working on the code,
it's a great idea.

Hope this helps,

greg k-h



More information about the linux-elitists mailing list