Dailydave mailing list archives
Re: Default Deny on Executables
From: Joel Eriksson <je () bitnux com>
Date: Wed, 14 Sep 2005 22:15:01 +0200
Great idea, although it might be dangerous in case the unsigned sections are parsed and the parser contains a flaw. The big question, however, is what problem one is trying to solve by embedding digital signatures in software. On single-user systems it's definitely a great way to stop files from being executed without the users knowledge. However, many people seem to believe it would make it impossible for users on multiuser systems to run untrusted code, like exploits or unauthorized software. This is definitely not the case. First and foremost, there are interpreters like perl, python, etc that can be used to do virtually anything. Besides that obvious possibility, any ordinary executable with an arbitrary-code-execution bug can be used to for example inject shellcode that maps an unauthorized executable, parses its ELF/PE/whatever-header and loads the required libraries into memory etc. Suddenly all those ls/notepad.exe/whatever-bugs becomes useful for something else than demonstration purposes. ;) Just because you can't execve() it doesn't mean it can't be executed. El Nahual might remember that we had a chat about this with regards to Anubis a couple of years ago. :) Sorry you had to drop the project btw. -- Best Regards, Joel Eriksson ------------------------------------------------- Cellphone: +46-70 228 64 16 Home: +46-18-30 35 55 Security Research & Systems Development at Bitnux PGP Key Server pgp.mit.edu, PGP Key ID 0x08811B44 DF38 5806 0EFB 196E E4B6 34B5 4C01 73BB 0881 1B44 ------------------------------------------------- On Wed, Sep 14, 2005 at 12:50:08PM -0400, Dave Aitel wrote:
Andrew R. Reiter wrote:<snip> While this is on a different OS, I've seen numerous installer packages modify the binary being put onto the machine to include various information (OS version, arch, install time). So, if for any reason, there are installation packages that do modify ELF files (I've never looked into this), you might have issues. But I don't see this as a common thing to *nix -- though I've not looked into it.You don't necessarily have to sign the whole file if you can sign sections (aka the text/data/global/etc segments) of it, or include a "these segments are signed and all others should be ignored" segment, that is itself signed by RH/Dell/etc. -daveCheers, Andrew
Current thread:
- Re: Default Deny on Executables, (continued)
- Re: Default Deny on Executables Simon B (Sep 14)
- Re: Default Deny on Executables Kurt Seifried (Sep 14)
- RE: Default Deny on Executables Sash (Sep 14)
- Re: Default Deny on Executables Eduardo Tongson (Sep 14)
- RE: Default Deny on Executables El Nahual (Sep 14)
- Re: Default Deny on Executables miah (Sep 14)
- Re: Default Deny on Executables Andrew R. Reiter (Sep 14)
- RE: Default Deny on Executables El Nahual (Sep 14)
- Re: Default Deny on Executables Dave Aitel (Sep 14)
- Re: Default Deny on Executables Andrew R. Reiter (Sep 14)
- Re: Default Deny on Executables Joel Eriksson (Sep 14)
- Re: Default Deny on Executables Blue Boar (Sep 14)
- Re: Re: Hacking's American as Apple Cider Jason Syversen (Sep 20)
- Science? (WAS: Hacking's American as Apple Cider) Barrie Dempster (Sep 21)
- RE: Re: Hacking's American as Apple Cider Paul Melson (Sep 12)