Whitelisting only digitally signed binaries

McGuffey, David C. DAVID.C.MCGUFFEY at saic.com
Thu Sep 18 18:24:09 UTC 2008


> 
> > > Has any work taken place in the Linux community toward building a 
> > > "trusted loader" into Linux.  If so, what is the status? If not, 
> > > why not?
> >
> > This would be against the very idea of Free Software, i.e. the right
> > to freely modify your software and use such modified versions.
> > See e.g.: http://www.gnu.org/philosophy/can-you-trust.html
> 
> That depends on who has the keys. If the system admins can use their 
> own keys, then it isn't a problem.
>

There are times I don't care about "philosophy" as much as being able to
deliver a stable somewhat-trusted box to a customer. I have customers
for whom configuration managed baselines are very important.  Once the
baseline is established, they want it locked down, and want to be able
to detect when the baseline changes...better yet, ensure the baseline
can't change without authorization. Once a server is in production,
"philosophy" takes a back seat.

Of course the ability for the end-user to modify open source or create
custom apps and be able to sign them has got to be part of the solution.

Dave McGuffey
Principal Information System Security Engineer // NSA-IEM, NSA-IAM SAIC,
IISBU, Columbia, MD
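Added example (not from the post or the thread): a small, stdlib-only model of the "locked baseline" Dave describes. It records a SHA-256 manifest of a tree of binaries, seals it under an admin-held key, reports drift (modified, added, removed files) against that baseline, and gates execution on a binary being in the authorized manifest unchanged. The key, paths and file contents are constructed for the demo; the seal is an HMAC standing in for the detached public-key signature a real deployment would use, since the standard library has no asymmetric primitives.

```python
"""Configuration-managed baseline: record, authorize, detect drift, gate execution.

Stdlib only. The seal is an HMAC (symmetric) standing in for a detached
public-key signature; the admin key and sample files are constructed.
"""
import hashlib
import hmac
import json
import os
import shutil
import tempfile


def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each regular file under root (POSIX-style relative path) to its hash."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def _canonical(manifest):
    """Deterministic encoding so the tag covers exactly one byte string."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def seal_manifest(manifest, key):
    """Attach an authorization tag computed over the canonical manifest."""
    tag = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"files": dict(manifest), "tag": tag}


def verify_seal(sealed, key):
    """True only if the tag matches: an edited manifest fails without the key."""
    expected = hmac.new(key, _canonical(sealed["files"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


def detect_drift(sealed, root, key):
    """Compare the live tree against the sealed baseline; refuse unauthorized manifests."""
    if not verify_seal(sealed, key):
        raise ValueError("baseline manifest is not authorized")
    baseline, current = sealed["files"], build_manifest(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def is_approved(sealed, root, key, rel):
    """Whitelist gate: allow rel only if it is in the authorized baseline, unchanged."""
    if not verify_seal(sealed, key):
        return False
    full = os.path.join(root, *rel.split("/"))
    return rel in sealed["files"] and os.path.isfile(full) and sha256_file(full) == sealed["files"][rel]


def demo():
    """Constructed scenario: seal a baseline, then tamper with the tree and the manifest."""
    key = b"demo-admin-key-not-for-production"  # constructed; a real key stays with the admin
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "bin"))
        files = {"bin/app": b"#!/bin/sh\necho app\n", "bin/tool": b"#!/bin/sh\necho tool\n"}
        for rel, body in files.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as f:
                f.write(body)
        sealed = seal_manifest(build_manifest(root), key)
        clean = detect_drift(sealed, root, key)
        # Unauthorized changes: modify app, drop in a rogue binary, delete tool.
        with open(os.path.join(root, "bin", "app"), "ab") as f:
            f.write(b"echo backdoor\n")
        with open(os.path.join(root, "bin", "rogue"), "wb") as f:
            f.write(b"#!/bin/sh\necho rogue\n")
        os.remove(os.path.join(root, "bin", "tool"))
        drift = detect_drift(sealed, root, key)
        # Editing the manifest without the key does not make rogue authorized.
        forged = {"files": dict(sealed["files"]), "tag": sealed["tag"]}
        forged["files"]["bin/rogue"] = sha256_file(os.path.join(root, "bin", "rogue"))
        return {
            "clean": clean,
            "drift": drift,
            "app_approved": is_approved(sealed, root, key, "bin/app"),
            "rogue_approved": is_approved(sealed, root, key, "bin/rogue"),
            "forged_accepted": verify_seal(forged, key),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The two checks matter separately: `detect_drift` is the "tell me when the baseline changes" report an operator reviews, while `is_approved` is the per-execution gate a loader would consult. Both refuse to trust a manifest whose seal does not verify, which is what keeps an attacker who can write to disk from simply adding their binary to the whitelist; swapping the HMAC for a signature checked against the admin's public key gives the end-user-signs-their-own-apps model the post asks for.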
More information about the fedora-list mailing list