Dailydave mailing list archives
Re: Default Deny on Executables
From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 14 Sep 2005 10:47:08 -0700
While this is on a different OS, I've seen numerous installer packages modify the binary being put onto the machine to include various information (OS version, arch, install time). So, if for any reason, there are installation packages that do modify ELF files (I've never looked into this), you might have issues. But I don't see this as a common thing to *nix -- though I've not looked into it.
My Mac Developers at work tell me that OS X will rebase binaries at
install time, so that there are no address conflicts with any other
binary on disk. This totally screws up attempts to use hashes to verify
things. It seems that the OS X loader couldn't dynamically rebase until
10.3. And 10.3 still does the static rebasing.
In general, a signing scheme has to take into account (or specifically,
leave out) pieces of the binary that are allowed to be modified.
Hopefully, program flow doesn't depend on any of the unsigned pieces. :)
I assume the Mac mangling is too severe to support binary signing as-is.
BB
Current thread:
- Re: Default Deny on Executables, (continued)
- Re: Default Deny on Executables Kurt Seifried (Sep 14)
- RE: Default Deny on Executables Sash (Sep 14)
- Re: Default Deny on Executables Eduardo Tongson (Sep 14)
- RE: Default Deny on Executables El Nahual (Sep 14)
- Re: Default Deny on Executables miah (Sep 14)
- Re: Default Deny on Executables Andrew R. Reiter (Sep 14)
- RE: Default Deny on Executables El Nahual (Sep 14)
- Re: Default Deny on Executables Dave Aitel (Sep 14)
- Re: Default Deny on Executables Andrew R. Reiter (Sep 14)
- Re: Default Deny on Executables Joel Eriksson (Sep 14)
- Re: Default Deny on Executables Blue Boar (Sep 14)
- Re: Re: Hacking's American as Apple Cider Jason Syversen (Sep 20)
- Science? (WAS: Hacking's American as Apple Cider) Barrie Dempster (Sep 21)
- RE: Re: Hacking's American as Apple Cider Paul Melson (Sep 12)