Slashdot Mirror


Protecting System Binaries From Trojan Attack

junyoung writes "Brett Lymn has added verified exec to NetBSD-current, which verifies a cryptographic hash before allowing execution of binaries and scripts. This can be used to prevent a system from running binaries or scripts which have been illegally modified or installed. Verified exec can also be used to limit the use of script interpreters to authorized scripts only and disallow interactive use."

4 of 44 comments

  1. Re:Will this really help? by Alethes · · Score: 2, Insightful

    If it were so easy to modify a working malicious binary to match the checksum/md5 or any other hash, why would it be used so often as a method of file verification? I'm thinking it'd be a lot harder to make this happen than you're implying.

  2. Re:Will this really help? by Anonymous Coward · · Score: 2, Insightful

    If I'm writing a tool to break into a system which has this capability then I will simply pad my binary to match the size and tweak my code/data areas to be the same checksum.

    Yes it's a hurdle, but methinks a minor one...

    Well, it would appear to be the case at first glance, but you have to remember that cryptographic hashes are designed to solve exactly this problem. It is much more difficult than you think.

    Or perhaps better stated: show me the code.
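The distinction argued over in the two comments above, as an added example that is not part of the original thread and is not NetBSD's verified exec code: a fingerprint table is recorded while a file is known-good and consulted before execution, once with a weak length-plus-sum checksum and once with SHA-256. The path, script contents and function names are constructed for illustration.

```python
import hashlib

def additive_checksum(data: bytes) -> str:
    # Weak fingerprint: length plus 16-bit sum of bytes. Byte order does not
    # change it, so rearranged content of the same size still matches.
    return f"{len(data)}:{sum(data) & 0xFFFF}"

def sha256_fingerprint(data: bytes) -> str:
    # Cryptographic hash: any change to the content changes the digest.
    return hashlib.sha256(data).hexdigest()

def build_table(files: dict, fingerprint) -> dict:
    """Record one fingerprint per path while the files are known-good."""
    return {path: fingerprint(content) for path, content in files.items()}

def may_execute(path: str, content: bytes, table: dict, fingerprint) -> bool:
    """Allow execution only if the path is listed and the content still matches."""
    expected = table.get(path)
    return expected is not None and fingerprint(content) == expected

# Constructed sample data (hypothetical path and script contents).
SCRIPT = "/usr/local/bin/report.sh"
KNOWN_GOOD = {SCRIPT: b"#!/bin/sh\necho backup ok\n"}
# Same size and same bytes, two of them swapped ("ok" -> "ko").
TAMPERED = b"#!/bin/sh\necho backup ko\n"

def demo() -> dict:
    weak = build_table(KNOWN_GOOD, additive_checksum)
    strong = build_table(KNOWN_GOOD, sha256_fingerprint)
    return {
        # Unmodified, listed file: allowed.
        "unmodified_sha256": may_execute(SCRIPT, KNOWN_GOOD[SCRIPT], strong, sha256_fingerprint),
        # Modified file slips past the weak checksum.
        "tampered_checksum": may_execute(SCRIPT, TAMPERED, weak, additive_checksum),
        # The same modified file is refused when SHA-256 is used.
        "tampered_sha256": may_execute(SCRIPT, TAMPERED, strong, sha256_fingerprint),
        # A script that was never fingerprinted is refused outright.
        "unlisted_sha256": may_execute("/tmp/new.sh", b"#!/bin/sh\n", strong, sha256_fingerprint),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'refused'}")
```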

  3. I guess... by Hard_Code · · Score: 4, Insightful

    This raises the constant on the level of security, but not the order of magnitude. From what I read, this just makes it more burdensome on the hacker...it's not actually introducing a new level of security. I suppose this would be good for internet 'appliances' where the access is probably limited to any holes or buffer overflows in web scripting languages. But it seems if one has access to the file system (prerequisite for trojaning anyway) this system breaks:

    "Even if the file did have the same inode if the contents are modified then the fingerprint will not match anyway."

    Huh?? So, the attacker just regens the hash on the trojaned binary and the kernel thinks it is the cached value...am I missing something here? Can one NOT change the cached hash without creating a separate inode or something?

    --

    It's 10 PM. Do you know if you're un-American?

  4. IT is free. by mindstrm · · Score: 2, Insightful

    The code you wrote is freely available to all.
    Code others make out of it may not be.

    So you want to dictate that only those people who are going to give code away are allowed to modify your code. That's fine, just don't pretend it's about freedom.