
Thread: ELF Executable Signing/Verification Comes For Linux

  1. #21
    Join Date
    Jul 2008


    Quote Originally Posted by Rexilion View Post
    You also have to look at the other side, i.e. the distribution. It has to set up infrastructure to verify and sign every binary that passes. And who says that distributions have proper security mechanisms preventing the keys from being stolen/abused? Even got hacked. Why not some random server from Ubuntu?
    RedHat, Novell or Canonical can easily set up an infrastructure for their distributions.

    Quote Originally Posted by Rexilion View Post
    As for configuration, you can assert that for every defense mechanism.
    But it's much, much easier to sign a program than to write a complete and secure SELinux policy for each (!) program.

  2. #22


    That sounds like it's against the GPL, at least as long as user-space binaries are concerned. You can modify and recompile, but you cannot run. Someone who provided you with a signed user-space binary should have provided you with a key to sign it as well, i.e. ability to modify it and redistribute modifications.

    I think it should not matter whether you can turn that feature in kernel off or not, because kernel is licensed separately and is not considered a part of the program. As far as I understand GPL, keys should be included in source code, according to this definition:

    "The "Corresponding Source" for a work in object code form means all
    the source code needed to generate, install, and (for an executable
    work) run the object code and to modify the work, including scripts to
    control those activities."

  3. #23
    Join Date
    Jan 2013


    So does key management or something like that exist?
