Slashdot Mirror


Protecting System Binaries From Trojan Attack

junyoung writes "Brett Lymn has added verified exec to NetBSD-current, which verifies a cryptographic hash before allowing execution of binaries and scripts. This can be used to prevent a system from running binaries or scripts which have been illegally modified or installed. Verified exec can also be used to limit the use of script interpreters to authorized scripts only and disallow interactive use."

5 of 44 comments

  1. Re:Will this really help? by ChadN · Score: 5, Informative

    "cryptographic hash" != "checksum"

    What you propose is not feasible, if a hash like SHA or even MD5 is used.

    --
    "It's overkill, of course. But you can never have too much overkill." - Anonymous Slashdot Coward

  2. Re:Will this really help? by bootprom · Score: 2, Informative

    Easier said than done.

    If they use a CRC, it could be difficult to get something to the same checksum. Even if it's only a 32 bit CRC, there are a lot of numbers between 0 and 2^32 - especially when they are the result of some unknown hash function.

    That's not to say it couldn't be done - the idea is akin to 'The Club' (TM)...

  3. Re:User friendly Palladium ? by stevef · Score: 4, Informative

    This is solving a different problem. The purpose of this is to prevent programs that the computer owner doesn't want to be executed. Palladium and that ilk aim to prevent programs that the entertainment industry doesn't want to execute.

    Although, when/if this is presented as an alternative it will be interesting to see their response as to why it's not sufficient.

    Steve

  4. Re:Will this really help? by Anonymous Coward · Score: 1, Informative

    It is. MD5 or SHA1 choice on a per-file basis. With the ability to add other algorithms as required.
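
    As an added illustration of the mechanism the story summary and this comment describe (example code written for this page, not NetBSD's verified exec implementation): a small Python model of a fingerprint list with MD5 or SHA-1 chosen per entry, a check run before each execution, and an interpreter entry that is only allowed to run a listed script, never interactively. The list format, the "indirect" flag name and the sample file contents are assumptions constructed for the example.

```python
import hashlib
import hmac

SUPPORTED = {"md5": hashlib.md5, "sha1": hashlib.sha1}  # per-file choice, as in comment 4

def parse_fingerprints(text):
    """Parse a constructed list format "path algorithm hexdigest [flags...]" (not NetBSD's syntax)."""
    entries = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()  # strip comments, then tokenize
        if not parts:
            continue
        if len(parts) < 3 or parts[1].lower() not in SUPPORTED:
            raise ValueError(f"bad fingerprint line: {raw!r}")
        entries[parts[0]] = (parts[1].lower(), parts[2].lower(), frozenset(parts[3:]))
    return entries

def fingerprint_line(path, algo, data, *flags):
    """Build one list entry from a trusted copy of the file (how the list is generated)."""
    return " ".join([path, algo, SUPPORTED[algo](data).hexdigest(), *flags])

def check_exec(entries, path, data, script=None, script_data=None):
    """Gate one execution, returning (allowed, reason). For an interpreter run, `script`/`script_data`
    is the script it was handed; the assumed "indirect" flag forbids running it without one."""
    entry = entries.get(path)
    if entry is None:
        return False, f"{path}: not in fingerprint list"
    algo, digest, flags = entry
    if not hmac.compare_digest(SUPPORTED[algo](data).hexdigest(), digest):
        return False, f"{path}: {algo} mismatch"
    if "indirect" in flags:
        if script is None:
            return False, f"{path}: interactive use not permitted"
        ok, why = check_exec(entries, script, script_data)
        if not ok:
            return False, f"{path}: refused script ({why})"
    return True, f"{path}: verified ({algo})"

# Constructed stand-ins for file contents; a real tool reads them from disk on a trusted host.
FILES = {
    "/bin/ls": b"\x7fELF constructed ls",
    "/usr/bin/perl": b"\x7fELF constructed perl",
    "/usr/local/bin/backup.pl": b"#!/usr/bin/perl\nprint 'backup';\n",
}
ENTRIES = parse_fingerprints("\n".join([
    "# constructed fingerprint list",
    fingerprint_line("/bin/ls", "sha1", FILES["/bin/ls"]),
    fingerprint_line("/usr/bin/perl", "md5", FILES["/usr/bin/perl"], "indirect"),
    fingerprint_line("/usr/local/bin/backup.pl", "sha1", FILES["/usr/local/bin/backup.pl"]),
]))
```

    A one-byte change to a listed file, an unlisted file, or the interpreter invoked without a listed script are all refused by `check_exec`; this is the behaviour the thread attributes to verified exec, modelled in user space for illustration.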

  5. more details on verified exec by blymn · Score: 4, Informative

    For people who want to understand more about what verified actually does, have a look at my home page which has a bit more detail on the philosophy and also a copy of the paper I presented on the subject.