Re: ideas for kernel 2.1

Albert Cahalan (albert@ccs.neu.edu)
Fri, 21 Jun 1996 15:26:01 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Albert Cahalan: "Re: SCSI device numbering"
Previous message: Olaf Titz: "Re: Distributions with 2.0 yet?"

>> registermagiccookie(sysCOOKIE);
>
> You'd have to make *ALL* setuid programs readonly by root.
> Otherwise it would be too easy to get the cookie.

No, the cookie could be done using RSA, somewhat like a PGP signature.
You only need to keep the kernel itself and/or lilo readonly.
>From what I've heard, the elf binary format makes it easy to attach
stuff like this to the end of an executable.

This way root just signs all suid executables and the kernel
checks for the signature before running them.

Next message: Albert Cahalan: "Re: SCSI device numbering"
Previous message: Olaf Titz: "Re: Distributions with 2.0 yet?"