Re: [ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authentication of binaries

From: Chris Wright
Date: Thu Sep 09 2004 - 11:28:14 EST

Next message: Bill Davidsen: "Re: swapping and the value of /proc/sys/vm/swappiness"
Previous message: Alan Cox: "Fixing the holes in the tty layer"
In reply to: Makan Pourzandi: "[ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authenticationof binaries"
Next in thread: Serge E. Hallyn: "Re: [ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authentication of binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Makan Pourzandi (Makan.Pourzandi@xxxxxxxxxxxx) wrote:
> Hi all,
>
> DSI development team would like to announce the release 1.3.1 of digsig.
>
> This kernel module helps system administrators control Executable and
> Linkable Format (ELF) binary execution and library loading based on
> the presence of a valid digital signature. The main functionality is
> to help system administrators distinguish applications he/she trusts
> (and therefore signs) from viruses, worms (and other nuisances). It is
> based on the Linux Security Module hooks.
>
> The code is GPL and available from:
> http://sourceforge.net/projects/disec/, download digsig-1.3.1. For
> more documentation, please refer to disec.sourcefrge.net.
>
> I hope that it'll be useful to you.
>
> All bug reports and feature requests or general feedback are welcome
> (please CC me or disec-devel@xxxxxxxxxxxxxxxxxxxxx in your answer or
> feedback to the mailing list).
>
> Regards,
> Makan Pourzandi
>
> Changes from Digsig release 0.2 announced in this mailing list:
> ================================================================
>
> - the verification of signatures for the shared binaries has been
> added.
> - added support for caching of signatures
> - added documentation for digsig
> - added support for revoked signatures
> - support to avoid vulnerability for rewrite of shared
> libraries

Could you elaborate on this one?

> - use sysfs to connect to the module instead of the char device
> - code clean up, and some bug fixes
>
> Future works
> =============
>
> - improving the caching and revocation: it is currently tested
> and will be sent out soon after stability testing

Should be helpful enough to cache result until thing's opened for
writing, or is that what you're doing now?

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bill Davidsen: "Re: swapping and the value of /proc/sys/vm/swappiness"
Previous message: Alan Cox: "Fixing the holes in the tty layer"
In reply to: Makan Pourzandi: "[ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authenticationof binaries"
Next in thread: Serge E. Hallyn: "Re: [ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authentication of binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]