Protecting System Binaries From Trojan Attack
junyoung writes "Brett Lymn has added verified exec to NetBSD-current, which verifies a cryptographic hash before allowing execution of binaries and scripts. This can be used to prevent a system from running binaries or scripts which have been illegally modified or installed. Verified exec can also be used to limit the use of script interpreters to authorized scripts only and disallow interactive use."
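The policy the summary describes, modelled in user space as an added example (not NetBSD's code and not part of the original post): a default-deny fingerprint list checked before execution, with interpreters usable only through listed scripts. The manifest layout, the mode names "direct" and "indirect", and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib, os, tempfile

def fingerprint(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_exec(manifest, target, interpreter=None):
    """Return (allowed, reason) for a request to run `target`.
    manifest: {real path: (hex digest, mode)}; mode names are assumptions:
      "direct"   - may be started by name
      "indirect" - may only run as the interpreter of a listed script
    interpreter: the program named on the script's #! line, if any.
    """
    for path, direct in ((target, True), (interpreter, False)):
        if path is None:
            continue
        entry = manifest.get(os.path.realpath(path))
        if entry is None:                      # default deny: unknown file
            return False, "not listed"
        digest, mode = entry
        if fingerprint(path) != digest:        # modified after fingerprinting
            return False, "fingerprint mismatch"
        if direct and mode == "indirect":      # no interactive interpreter use
            return False, "indirect only"
    return True, "ok"

def demo():
    """Run the policy over constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        def put(name, data):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            return p
        interp = put("interp", b"constructed interpreter")
        script = put("script", b"#!interp\nconstructed script\n")
        rogue = put("rogue", b"#!interp\ninstalled later\n")
        manifest = {os.path.realpath(interp): (fingerprint(interp), "indirect"),
                    os.path.realpath(script): (fingerprint(script), "direct")}
        results = {"script": check_exec(manifest, script, interp),
                   "interactive": check_exec(manifest, interp),
                   "rogue": check_exec(manifest, rogue, interp)}
        put("script", b"#!interp\ntampered\n")   # modify after fingerprinting
        results["tampered"] = check_exec(manifest, script, interp)
        return results
```

Calling `demo()` returns one verdict per case. A check made in user space like this one can be raced between the hash and the exec, so it illustrates the policy only and is not a substitute for enforcement at exec time.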
"cryptographic hash" != "checksum"
What you propose is not feasible, if a hash like SHA or even MD5 is used.
"It's overkill, of course. But you can never have too much overkill." - Anonymous Slashdot Coward
This is solving a different problem. The purpose of this is to prevent programs that the computer owner doesn't want to be executed. Palladium and that ilk aim to prevent programs that the entertainment industry doesn't want to execute.
Although, when/if this is presented as an alternative it will be interesting to see their response as to why it's not sufficient.
Steve
For people who want to understand more about what verified actually does, have a look at my home page which has a bit more detail on the philosophy and also a copy of the paper I presented on the subject.