OSEC

From: Simon J. Gerraty (sjg_at_crufty.net)
Date: Wed Oct 16 2002 - 01:19:11 CDT

    >On Mon, Oct 14, 2002 at 06:10:44PM +0200, Alan Barrett wrote:
    >> Of the three names you have mentioned (fingerprinted/signed/hashed
    >> exec), I like "fingerprinted exec" best. The term "signed exec" conveys
    >> the (false) impression that there's some kind of public/private key
    >> pair involved. The term "hashed exec" raises the question of whether

    Actually I don't see a problem with "signed exec".
    True, the current "signature" is very weak ;-), but if/when you introduce
    newer/better signature verification, you don't have to rename everything.

    Also, you can have the benefit of "signed" binaries with no more cost
    than the hashing - inasmuch as you can have a userland tool that
    verifies the signature (e.g. binary is signed by a trusted 3rd party
    such as the OS vendor or the local admin) and only if valid, passes the
    hash down to the kernel so that the binary can be exec'd.

    Even if you go so far as to do the signature verification in the kernel,
    the result of that can again be simply installing the hash in the
    "ok to exec" list or whatever.

    --sjg
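
The split described in the message above, as an added example that is not part of the original post or of any kernel's code: a userland loader checks a signature and, only if it is valid, hands the hash to a kernel stand-in that knows nothing but hashes. The `Kernel` class, the function names, the sample binary and the demo key are assumptions; textbook RSA without padding over two Mersenne primes stands in for a real signature scheme, which would come from a vetted library.

```python
import hashlib

# Constructed demo key (assumption): textbook RSA, no padding, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the signer only


def fingerprint(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign(data: bytes) -> int:
    """Signer side (OS vendor or local admin): sign the binary's fingerprint."""
    return pow(int.from_bytes(fingerprint(data), "big"), D, N)


def signature_ok(data: bytes, sig: int) -> bool:
    """Userland verifier: needs only the public key (N, E)."""
    return pow(sig, E, N) == int.from_bytes(fingerprint(data), "big")


class Kernel:
    """Hypothetical stand-in for the kernel side: hashes only, no signatures."""

    def __init__(self):
        self.ok_to_exec = set()

    def install_hash(self, digest: bytes) -> None:
        self.ok_to_exec.add(digest)

    def exec_allowed(self, data: bytes) -> bool:
        # Exec-time cost is one hash and one set lookup, as with plain hashing.
        return fingerprint(data) in self.ok_to_exec


def load_if_signed(kernel: Kernel, data: bytes, sig: int) -> bool:
    """Pass the hash down to the kernel only if the signature verifies."""
    if not signature_ok(data, sig):
        return False
    kernel.install_hash(fingerprint(data))
    return True


def demo():
    binary = b"\x7fELF constructed sample binary"  # constructed sample input
    sig, kernel = sign(binary), Kernel()
    loaded = load_if_signed(kernel, binary, sig)
    tampered = binary + b"\x90"  # modified after signing
    rejected = load_if_signed(kernel, tampered, sig)
    return loaded, kernel.exec_allowed(binary), rejected, kernel.exec_allowed(tampered)
```

The trust decision lives entirely in `load_if_signed`, so whoever may call `install_hash` directly bypasses the signature check; that interface needs the same protection as the hash list itself.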