No subject
Wed Apr 18 17:25:22 PDT 2007
What is the intention of this subtle distinction?
At the lowest levels, there is no distinction between binaries and other
files. All of it is considered the same: buffers of data in the buffer
cache. *That* is when the data is actually loaded into the memory of
the server.
At a higher level, I could see that a dynamic loader might want to
verify the signature of a dynamic library. And I can also see that much
of the code in the execution path of exec() would also want to validate
the signature.
Would it be possible to simplify or eliminate the distinction? Perhaps
something like this:
"When operating at increased security levels, the signatures of all
files that are marked as executable (or otherwise marked as
requiring a valid signature) will be verified by the following
calls: open(), exec(), [etc]. If the signature is not valid, an
error will be returned to the caller and the operation will not be
performed."
Andy
More information about the cgl_discussion
mailing list