Kernel module to deny execution of unsigned binaries?
Max Laier
max at love2party.net
Wed Aug 30 19:01:53 UTC 2006
On Wednesday 30 August 2006 20:28, 473219 at googlemail.com wrote:
> Is it possible in TrustedBSD to prevent the execution of binaries
> whose path names + checksums are not listed in an "Approved" list?
There is some code from Christian (CCed) here:
http://perforce.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/trustedbsd/mac/sys/security/mac%5fchkexec&HIDEDEL=NO
AFAIR, it uses extended attributes to store a hash of the executable that
is checked upon execution. Certainly Christian has more details and a
status.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
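
The policy asked about in the quoted question (path name plus checksum on an approved list), as a user-space Python sketch added here; it is not code from mac_chkexec or from this thread. The names `check_approved`, `verdict` and `demo`, the use of SHA-256, and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def sha256_fd(fd):
    """Hash the file behind an already-open descriptor."""
    h = hashlib.sha256()
    while chunk := os.read(fd, 65536):
        h.update(chunk)
    return h.hexdigest()

def check_approved(path, approved):
    """Return an open fd if (resolved path, SHA-256) is approved, else raise.

    The digest comes from the returned descriptor, so the caller can execute
    that descriptor (os.execve takes an fd where os.supports_fd lists it) and
    a path swap between check and execution cannot substitute another file.
    """
    real = os.path.realpath(path)   # resolve symlinks; the list is keyed on the real file
    fd = os.open(real, os.O_RDONLY)
    if approved.get(real) != sha256_fd(fd):
        os.close(fd)
        raise PermissionError(f"{real}: not on the approved list")
    return fd

def verdict(path, approved):
    """Map the check to a string so the outcomes are easy to compare."""
    try:
        os.close(check_approved(path, approved))
        return "allowed"
    except (PermissionError, FileNotFoundError):
        return "denied"

def demo():
    """Constructed sample files in a temp dir; returns three verdicts."""
    with tempfile.TemporaryDirectory() as d:
        d = os.path.realpath(d)
        tool, copy = os.path.join(d, "tool"), os.path.join(d, "copy")
        body = b"#!/bin/sh\necho approved\n"
        for p in (tool, copy):
            with open(p, "wb") as f:
                f.write(body)
        approved = {tool: hashlib.sha256(body).hexdigest()}
        out = [verdict(tool, approved)]        # listed path, matching hash
        out.append(verdict(copy, approved))    # same bytes, unlisted path
        with open(tool, "ab") as f:            # modified after approval
            f.write(b"echo extra\n")
        out.append(verdict(tool, approved))
        return out
```

A user-space check like this only covers programs launched through it, and a writer with access to the same file can still change it after hashing; enforcing the policy on every exec requires a kernel hook.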