Digitally Signed Binaries w/ Kernel support, etc.
Max Laier
max at love2party.net
Thu Apr 3 11:51:55 UTC 2008
On Wednesday 02 April 2008 21:09:59 Forrest Aldrich wrote:
> Does FreeBSD have support for digitally signed binary checking, similar
> to what Linux has with bsign and DigSig, where system binaries are
> signed and this signature is verified before being run in the kernel?
There is mac_chkexec[1], but I'm not sure about its status.
> This would be very useful to have to further tighen-down the system.
[1]http://perforce.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/trustedbsd/mac/sys/security/mac%5fchkexec&HIDEDEL=NO
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
More information about the freebsd-stable
mailing list