Signed executables under Linux (or other OS’s)

Posted on

Signed executables under Linux (or other OS’s) – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about linux, security, , , .

This question was asked first at stackoverflow. After 60 views, I got just one response. Now I’m trying serverfault – that’s a pertinent topic for here, I guess.

For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is

How to sign executable code and run only trusted software under Linux?

I have read the work of van Doom et al., Design and implementation of signed executables for Linux, and the IBM’s TLC (Trusted Linux Client) by Safford & Zohar. TLC uses TPM controller, what is nice, but the paper is from 2005 and I was unable to find current alternatives.

Do you know another option?

UPDATE: And about other OS’s? OpenSolaris? BSD family?

Solution :

Solaris has elfsign(1) which attaches X.509 certificates to ELF binaries. Sun has signed most if not all the binaries it ships, however I’m not sure how to make Solaris only run signed binaries. There’s elfsign and bsign for Linux, but neither has been maintained recently.

Have a look at DigSig

seLinux may provide what you’re looking for.

Windows had Software Restriction Policies, and more recently has added AppLocker for enforcing signature-based access controls on code execution. (Internet Explorer has also had Authenticode for awhile now, but it’s less of a general purpose executable signature validation mechanism and more for in-browser code.)

The enforcement of execution of signed executables is certainly a good thing, but it’s not a panacea (as we’ve seen with video gaming consoles that heavily use code signing for development license enforcement). Vulnerabilities in signed executables through poor validation of untrusted input still allow for execution of arbitrary code. Having said that, though, it does add an additional layer of security.

Leave a Reply

Your email address will not be published. Required fields are marked *