Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries

[Kyle Moffett]

On Apr 25, 2006, at 15:52:45, Valdis.Kletnieks@xxxxxx wrote:
> On Tue, 25 Apr 2006 21:37:48 +0200, Arjan van de Ven said:
> > On Tue, 2006-04-25 at 19:57 +0100, Nix wrote:
> > > On Tue, 25 Apr 2006, Arjan van de Ven said:
> > > > so you didn't sign perl ? or bash ?
> > >
> > > You can write an elf loader in bash?!
> >
> > I've not tried it.. but afaics bash scripts are sufficiently  
> > turing complete to pull it off ;)
>
> Well, somebody did 'shasm' (an assembler in bash), so I don't see  
> any reason you can't do an elf loader... (OK, so you *might* have  
> to write a machine emulator in bash, store the binary in an array,  
> and emulate the sucker...)

Well I know that there are ways in Perl to overwrite arbitrary memory  
(it's considered a bug of a certain XS library, although it has no  
security implications because you could do the equivalent in Perl  
anyways).  I would assume that it's quite possible to do the same in  
bash with a specially formatted bash script.  Once you can scribble  
on arbitrary memory, you can load a compiled ELF loader and execute  
it without much trouble at all.  A signed perl binary would open a  
hole the size of a barn door in your scheme, I think.

Cheers,
Kyle Moffett

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/