tech-security: Re: Kernel modification that verifies execs against a md5

Subject: Re: Kernel modification that verifies execs against a md5
To: Erik Fair <fair@clock.org>
From: Brett Lymn <blymn@baea.com.au>
List: tech-security
Date: 03/15/2000 10:09:05

  by redmail.netbsd.org with SMTP; 14 Mar 2000 23:40:31 -0000
	by myall.awadi.com.au (8.9.3/8.9.3) with SMTP id KAA14399;
	Wed, 15 Mar 2000 10:09:07 +1030 (CST)
	id KAA26038; Wed, 15 Mar 2000 10:09:06 +1030
	id KAA06053; Wed, 15 Mar 2000 10:09:05 +1030
From: blymn@baea.com.au (Brett Lymn)
Message-Id: <200003142339.KAA06053@mallee.awadi>
Subject: Re: Kernel modification that verifies execs against a md5
To: fair@clock.org (Erik Fair)
Date: Wed, 15 Mar 2000 10:09:05 +1030 (CST)
Cc: thorpej@zembu.com, blymn@baea.com.au (Brett Lymn),
        tech-security@netbsd.org
In-Reply-To: <v04220802b4f42cd5b404@[10.66.51.205]> from "Erik Fair" at Mar 14, 2000 09:57:16 AM
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

According to Erik Fair:
>
>What about netbooted systems (e.g. DEC Shark)? There was a paper 
>given not too many years ago about modifying binaries as they fly by 
>on the wire.

Yes, NFS was not a FS that I thought would be valuable for this
scheme there are too many sneaky things you can do.

> I suppose once we have NFS working by default on top of 
>IPsec, this will be less of a concern...
>

As long as you can trust the file server.

>It is also possible to modify binaries directly, through the disk 
>device. Granted, your program to do so must now understand various FS 
>formats, but since we're all open source here, this shouldn't be too 
>difficult for an attacker, even if it makes his tools fat.
>

At the higher securelevels you are not allowed to open the raw device
so spelunking the FS directly is not an option.

>I don't want this md5 facility on by default, but it wouldn't 
>necessarily be a bad thing to have as an option for the truly 
>paranoid.

It is optional.

> (of course, you're not paranoid if they're really out to 
>get you...).
>

Oh they are, they are ;-)

-- 
===============================================================================
Brett Lymn, Computer Systems Administrator, BAE SYSTEMS
===============================================================================