No subject


Wed Apr 18 12:39:03 PDT 2007


What is the intention of this subtle distinction?

At the lowest levels, there is no distinction between binaries and other
files.  All of it is considered the same: buffers of data in the buffer
cache.  *That* is when the data is actually loaded into the memory of
the server.

At a higher level, I could see that a dynamic loader might want to
verify the signature of a dynamic library.  And I can also see that much
of the code in the execution path of exec() would also want to validate
the signature.

Would it be possible to simplify or eliminate the distinction?  Perhaps
something like this:

    "When operating at increased security levels, the signatures of all
    files that are marked as executable (or otherwise marked as
    requiring a valid signature) will be verified by the following
    calls: open(), exec(), [etc].  If the signature is not valid, an
    error will be returned to the caller and the operation will not be
    performed."
    
Andy
More information about the cgl_discussion mailing list