From: Jes Sorensen
To: "Michael Frank"
Cc: "kernel mailing list"
Subject: Re: How to black list shared libraries and executable
Date: 04 Mar 2004 04:40:26 -0500
X-Mailing-List: linux-kernel@vger.kernel.org

>>>>> "Michael" == Michael Frank writes:

Michael> Just wondering on how to build a kernel-level facility which
Michael> would require shared libraries and executables to be "keyed"
Michael> or even "signed" to run on linux.

Michael> This is to prevent execution of software not specifically
Michael> authorized.

The shared libraries are going to cause you 'issues' since these are
all loaded by the dynamic linker. All the kernel loads is ld.so, the
rest of them are mmap'ed from userland. So if you want to take this
approach, you would have to hack a special ld.so that only allows your
authorized libraries and only authorize the kernel to load that
dynamic linker. Otherwise you have to do content validation for all
mmap operations.

Jes
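The split Jes describes, between what the kernel's ELF loader sees and what ld.so resolves later, can be made concrete by parsing the two tables involved. The following is an added example, not code from the thread or from the kernel: it assembles a constructed, non-executable ELF64 image carrying a PT_INTERP entry and a PT_DYNAMIC segment with DT_NEEDED entries, then runs two gates over it. The "kernel gate" hashes only what execve() can name (the image and its interpreter); the "loader gate" is the extra check a special ld.so would have to perform over every DT_NEEDED object. File contents, the hash allowlist (used here as a stand-in for a signature check) and all paths are constructed for the example.

```python
import hashlib
import struct

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3        # ELF program header types
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5         # dynamic section tags used here


def build_sample_elf(interp: str, needed: list) -> bytes:
    """Assemble a minimal little-endian ELF64 image (constructed; not runnable)
    with one PT_LOAD, a PT_INTERP, and a PT_DYNAMIC listing DT_NEEDED libs."""
    strtab, needed_offs = b"\0", []
    for lib in needed:
        needed_offs.append(len(strtab))
        strtab += lib.encode() + b"\0"
    interp_bytes = interp.encode() + b"\0"
    ehdr_size, phdr_size = 64, 56
    phoff = ehdr_size
    interp_off = phoff + 3 * phdr_size
    strtab_off = interp_off + len(interp_bytes)
    dyn_off = strtab_off + len(strtab)
    dyn = b"".join(struct.pack("<qQ", DT_NEEDED, o) for o in needed_offs)
    dyn += struct.pack("<qQ", DT_STRTAB, strtab_off)   # vaddr == file offset here
    dyn += struct.pack("<qQ", DT_NULL, 0)
    total = dyn_off + len(dyn)
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8   # ELF64, LE, SysV ABI
    ehdr += struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, phoff, 0, 0,
                        ehdr_size, phdr_size, 3, 64, 0, 0)  # ET_DYN, x86-64

    def phdr(p_type, off, size, vaddr):
        return struct.pack("<IIQQQQQQ", p_type, 4, off, vaddr, vaddr, size, size, 1)

    phdrs = (phdr(PT_LOAD, 0, total, 0)      # identity map: vaddr == offset
             + phdr(PT_INTERP, interp_off, len(interp_bytes), interp_off)
             + phdr(PT_DYNAMIC, dyn_off, len(dyn), dyn_off))
    return ehdr + phdrs + interp_bytes + strtab + dyn


def parse_loader_view(elf: bytes):
    """Return (interpreter path, [DT_NEEDED names]).  The kernel reads only
    PT_INTERP at execve(); DT_NEEDED is consulted by ld.so in userland."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    e_phoff, = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    loads, interp, dynamic = [], None, None
    for i in range(e_phnum):
        p_type, _, p_off, p_vaddr, _, p_filesz, _, _ = struct.unpack_from(
            "<IIQQQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            loads.append((p_vaddr, p_off, p_filesz))
        elif p_type == PT_INTERP:
            interp = elf[p_off:p_off + p_filesz].split(b"\0", 1)[0].decode()
        elif p_type == PT_DYNAMIC:
            dynamic = (p_off, p_filesz)

    def to_off(vaddr):  # translate a virtual address through the PT_LOAD map
        for v, off, size in loads:
            if v <= vaddr < v + size:
                return vaddr - v + off
        raise ValueError("address not backed by a PT_LOAD segment")

    needed_offs, strtab = [], None
    if dynamic:
        d_off, d_size = dynamic
        for pos in range(d_off, d_off + d_size, 16):
            tag, val = struct.unpack_from("<qQ", elf, pos)
            if tag == DT_NULL:
                break
            if tag == DT_NEEDED:
                needed_offs.append(val)
            elif tag == DT_STRTAB:
                strtab = to_off(val)
    if strtab is None:
        return interp, []
    needed = [elf[strtab + o:elf.index(b"\0", strtab + o)].decode()
              for o in needed_offs]
    return interp, needed


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def kernel_gate(elf: bytes, files: dict, allowed: set) -> bool:
    """What an execve-time policy can decide on: the image and the interpreter
    named in PT_INTERP.  Shared libraries are invisible at this point."""
    interp, _ = parse_loader_view(elf)
    return sha256(elf) in allowed and sha256(files[interp]) in allowed


def loader_gate(elf: bytes, files: dict, allowed: set) -> list:
    """The check a trusted ld.so would add: hash every DT_NEEDED object against
    the allowlist.  Returns the names that are not authorized."""
    _, needed = parse_loader_view(elf)
    return [lib for lib in needed if sha256(files.get(lib, b"")) not in allowed]


# Constructed sample "filesystem": path -> contents (not real library bytes).
LD_SO, LIBC, LIBM = b"constructed ld.so", b"constructed libc", b"constructed libm"
SAMPLE = build_sample_elf("/lib64/ld-linux-x86-64.so.2", ["libc.so.6", "libm.so.6"])
FILES = {"/lib64/ld-linux-x86-64.so.2": LD_SO, "libc.so.6": LIBC, "libm.so.6": LIBM}
ALLOWED = {sha256(SAMPLE), sha256(LD_SO), sha256(LIBC), sha256(LIBM)}
# Same image, but libc.so.6 on disk has been replaced by unauthorized content.
TAMPERED = dict(FILES, **{"libc.so.6": b"constructed unauthorized libc"})

if __name__ == "__main__":
    print("kernel gate, clean:   ", kernel_gate(SAMPLE, FILES, ALLOWED))
    print("kernel gate, tampered:", kernel_gate(SAMPLE, TAMPERED, ALLOWED))
    print("loader gate, tampered:", loader_gate(SAMPLE, TAMPERED, ALLOWED))
```

With the tampered tree the kernel gate still passes, because the image and ld.so are unchanged; only the loader gate names libc.so.6. That is the gap the reply points at: an execve()-time check covers the interpreter, and everything the interpreter maps afterwards has to be validated either by that interpreter or by a check on the mmap path itself. Note that objects pulled in later through dlopen() never appear in DT_NEEDED, which is why the mmap-level variant is the only one that covers every mapping.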