Dailydave mailing list archives

Re: Default Deny on Executables


From: Joel Eriksson <je () bitnux com>
Date: Wed, 14 Sep 2005 22:15:01 +0200

Great idea, although it might be dangerous in case the unsigned
sections are parsed and the parser contains a flaw. The big
question, however, is what problem one is trying to solve by
embedding digital signatures in software.

On single-user systems it's definitely a great way to stop files
from being executed without the user's knowledge. However, many
people seem to believe it would make it impossible for users on
multiuser systems to run untrusted code, like exploits or
unauthorized software. This is definitely not the case.

First and foremost, there are interpreters like perl, python, etc.
that can be used to do virtually anything. Besides that obvious
possibility, any ordinary executable with an arbitrary-code-execution
bug can be used to, for example, inject shellcode that maps an
unauthorized executable, parses its ELF/PE/whatever-header and
loads the required libraries into memory etc.

Suddenly all those ls/notepad.exe/whatever-bugs become useful for
something else than demonstration purposes. ;)

Just because you can't execve() it doesn't mean it can't be executed.

El Nahual might remember that we had a chat about this with regards to
Anubis a couple of years ago. :) Sorry you had to drop the project btw.

-- 
Best Regards,
   Joel Eriksson
-------------------------------------------------
Cellphone: +46-70 228 64 16 Home: +46-18-30 35 55
Security Research & Systems Development at Bitnux
PGP Key Server pgp.mit.edu, PGP Key ID 0x08811B44
DF38 5806 0EFB 196E E4B6 34B5 4C01 73BB 0881 1B44
-------------------------------------------------

On Wed, Sep 14, 2005 at 12:50:08PM -0400, Dave Aitel wrote:
Andrew R. Reiter wrote:
<snip>

While this is on a different OS, I've seen numerous installer packages 
modify the binary being put onto the machine to include various 
information (OS version, arch, install time).  So, if for any reason, 
there are installation packages that do modify ELF files (I've never 
looked into this), you might have issues.  But I don't see this as a 
common thing to *nix -- though I've not looked into it.

 
You don't necessarily have to sign the whole file if you can sign 
sections (aka the text/data/global/etc segments) of  it, or include a 
"these segments are signed and all others should be ignored" segment, 
that is itself signed by RH/Dell/etc.

-dave

Cheers,
Andrew
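
Added example, not part of the original post or thread: a defender-side check for the point that code can run without passing through execve(). It generalizes to Linux /proc/<pid>/maps output and flags executable mappings that an exec-time signature check never inspected; the sample lines and the TRUSTED allowlist are constructed assumptions.

```python
import re

# Constructed /proc/<pid>/maps excerpt (Linux); illustrative values only.
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131090 /bin/ls
0060a000-0060b000 rw-p 0000a000 08:01 131090 /bin/ls
7f1c2a000000-7f1c2a021000 rwxp 00000000 00:00 0
7f1c2b400000-7f1c2b5c0000 r-xp 00000000 08:01 262301 /lib/x86_64-linux-gnu/libc.so.6
7f1c2b800000-7f1c2b803000 r-xp 00000000 00:05 40961 /memfd:x (deleted)
7f1c2c000000-7f1c2c004000 r-xp 00000000 08:01 393250 /home/user/.cache/tool.so
7ffd1a2e0000-7ffd1a301000 rw-p 00000000 00:00 0 [stack]
7ffd1a3f0000-7ffd1a3f2000 r-xp 00000000 00:00 0 [vdso]
"""

# Hypothetical allowlist standing in for "files whose signature was verified".
TRUSTED = {"/bin/ls", "/lib/x86_64-linux-gnu/libc.so.6"}

# Kernel-provided executable pages that never come from a file on disk.
KERNEL_MAPPINGS = {"[vdso]", "[vsyscall]"}

LINE = re.compile(r"^([0-9a-f]+)-[0-9a-f]+ (\S{4}) [0-9a-f]+ \S+ \d+\s*(.*)$")


def find_unvetted_exec(maps_text, trusted):
    """Return (start_address, perms, path, reason) for each executable
    mapping that an execve()-time signature check never inspected."""
    findings = []
    for raw in maps_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        start, perms, path = m.group(1), m.group(2), m.group(3).strip()
        if "x" not in perms or path in KERNEL_MAPPINGS:
            continue
        if path == "" or path.startswith("["):
            reason = "anonymous"         # no backing file (JITs do this too)
        elif path.startswith("/memfd:") or path.endswith(" (deleted)"):
            reason = "memfd-or-deleted"  # backing object is not on disk
        elif path not in trusted:
            reason = "untrusted-file"    # mapped with mmap(), not execve()
        else:
            continue
        findings.append((start, perms, path, reason))
    return findings


if __name__ == "__main__":
    for finding in find_unvetted_exec(SAMPLE_MAPS, TRUSTED):
        print(*finding, sep="\t")
```

This only sees native code mapped into a process; scripts fed to an interpreter such as perl or python leave no mapping of their own and need a separate control.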

