Date: Thu, 21 Jun 2007 18:29:17 +0200
From: Alexander Wuerstlein <arw@arw.name>
To: Adrian Bunk <bunk@stusta.de>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] signed binaries support [0/4]
Message-ID: <20070621162917.GB9741@cip.informatik.uni-erlangen.de>
References: <20070621155516.GA6838@faui01.informatik.uni-erlangen.de> <20070621161758.GP12950@stusta.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20070621161758.GP12950@stusta.de>
User-Agent: Mutt/1.5.15 (2007-05-02)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1295
Lines: 35

On 070621 18:19, Adrian Bunk <bunk@stusta.de> wrote:
> On Thu, Jun 21, 2007 at 05:55:16PM +0200, Johannes Schlumberger wrote:
> 
> > Hi,
> 
> Hi Johannes,
> 
> > We (two students of CS) built a system for signing binaries and verifying them
> > before executing. Our main focus was to implement a way to inhibit execution
> > of suid-binaries, which are not trustworthy (i.e. not signed).
> >...
> 
> doesn't anyone who is able to install a not trustworthy suid-binary 
> already have the priviliges to do anything he wants to without requiring 
> an suid bit?

Yes, quite correct in most cases. But if you have taken control of a computer
on of the more common ways to keep the control for some time is the
installation of a suid-binary (e.g. as part of a rootkit). 

One could also imagine a scenario where an attacker controls some filesystems
(on external storage perhaps) where he can of course manipulate the suid bit,
but he does not have direct control over the attacked system unless he can
execute that file.


Ciao,

Alexander Wuerstlein.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/