Subject: Re: what's in a name? fingerprinted exec
To: Simon J. Gerraty <sjg@crufty.net>
From: Brett Lymn <blymn@baesystems.com.au>
List: tech-security
Date: 10/16/2002 22:04:03
On Tue, Oct 15, 2002 at 11:19:11PM -0700, Simon J. Gerraty wrote:
>
> Also, you can have the benefit of "signed" binaries with no more cost
> than the hashing - in as much as you can have a userland tool that
> verifies the signature (eg. binary is signed by a trusted 3rd party
> such as the OS vendor or the local admin) and only if valid, passes the
> hash down to the kernel so that the binary can be exec'd.
>
Someone else was thinking about pursuing this; it does provide some
other capabilities but has its own downsides - you cannot apply the
scheme to a shell script.
> Even if you go so far as to do the signature verification in the kernel,
> the result of that can again be simply installing the hash in the
> "ok to exec" list or whatever.
>
Ummmm that is exactly what I am proposing to add to the kernel!
--
Brett Lymn
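The split the two of them agree on above (verify the signature in a userland tool, hand only the resulting hash down to a kernel-side "ok to exec" list, so the kernel itself never sees a signature) as an added example; this is not code from the thread or from NetBSD, and it is a model, not a kernel. The signing scheme is a stand-in: an HMAC under a constructed key stands in for the vendor's or admin's public-key signature so the example has no dependencies, and the "kernel" is a Python class holding a set of SHA-256 digests. It also models the shell-script caveat Brett raises: when a script runs, the image the kernel exec()s is the interpreter, so the hash check never touches the script bytes.

```python
"""Model of verify-in-userland, enforce-hash-in-kernel for fingerprinted exec.

Added illustration, not NetBSD code.  Assumptions, flagged inline:
  - an HMAC under TRUSTED_SIGNING_KEY stands in for a real signature made
    with a vendor/admin private key and checked with the public half;
  - KernelExecGate is a stand-in for the in-kernel "ok to exec" hash list.
"""
import hashlib
import hmac

# Stand-in for the trusted signer's key (constructed for this example).
TRUSTED_SIGNING_KEY = b"constructed-signing-key-not-a-real-secret"


def sign(image: bytes) -> bytes:
    """Produce the stand-in 'signature' over a binary image."""
    return hmac.new(TRUSTED_SIGNING_KEY, image, hashlib.sha256).digest()


def signature_valid(image: bytes, signature: bytes) -> bool:
    """Constant-time check of the stand-in signature."""
    return hmac.compare_digest(sign(image), signature)


def fingerprint(image: bytes) -> bytes:
    """The only thing the kernel side ever stores or compares."""
    return hashlib.sha256(image).digest()


class KernelExecGate:
    """Kernel side of the scheme: a set of permitted image hashes.

    It knows nothing about keys or signatures; it only answers
    "is the hash of the image being exec'd in the list?".
    """

    def __init__(self) -> None:
        self.ok_to_exec: set[bytes] = set()

    def install_hash(self, digest: bytes) -> None:
        self.ok_to_exec.add(digest)

    def exec_allowed(self, image: bytes) -> bool:
        return fingerprint(image) in self.ok_to_exec

    def exec_via_interpreter(self, interpreter_image: bytes, script: bytes) -> bool:
        """A script is run by exec'ing the interpreter; the script itself is
        merely read by that interpreter, so only the interpreter's hash is
        checked.  This is the downside noted in the thread."""
        del script  # the kernel never fingerprints it
        return self.exec_allowed(interpreter_image)


def userland_register(gate: KernelExecGate, image: bytes, signature: bytes) -> bool:
    """Userland tool: verify the signature and, only if it is valid,
    pass the image hash down to the kernel list."""
    if not signature_valid(image, signature):
        return False
    gate.install_hash(fingerprint(image))
    return True


def demo() -> dict:
    """Run the flow over constructed images and report each decision."""
    gate = KernelExecGate()
    good = b"\x7fELF constructed binary image"
    tampered = good + b"\x00 extra bytes"
    sh = b"\x7fELF constructed /bin/sh image"
    script = b"#!/bin/sh\nrm -rf /constructed/path\n"

    good_sig = sign(good)
    return {
        # valid signature: hash installed
        "register_good": userland_register(gate, good, good_sig),
        # good signature presented with a modified image: rejected in userland
        "register_tampered": userland_register(gate, tampered, good_sig),
        "exec_good": gate.exec_allowed(good),
        "exec_tampered": gate.exec_allowed(tampered),
        # sign the interpreter and register it, then run an unsigned script
        "register_sh": userland_register(gate, sh, sign(sh)),
        "exec_unsigned_script_via_sh": gate.exec_via_interpreter(sh, script),
        # the script bytes themselves were never fingerprinted
        "script_hash_installed": fingerprint(script) in gate.ok_to_exec,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Note that the only thing crossing the userland/kernel boundary is a SHA-256 digest, which is why doing the signature check in the kernel instead would change nothing on the enforcement side: it would still end in `install_hash`.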