Re: Whitelisting only digitally signed binaries

> 
> > > Has any work taken place in the Linux community toward building a 
> > > "trusted loader" into Linux.  If so, what is the status? If not, 
> > > why not?
> >
> > This would be against the very idea of Free Software, i.e. the right
> > to freely modify your software and use such modified versions.
> > See e.g.: http://www.gnu.org/philosophy/can-you-trust.html
> 
> That depends on who has the keys. If the system admins can use their 
> own keys, then it isn't a problem.
>

There are times I don't care about "philosophy" as much as being able to
deliver a stable somewhat-trusted box to a customer. I have customers
for whom configuration managed baselines are very important.  Once the
baseline is established, they want it locked down, and want to be able
to detect when the baseline changes...better yet, ensure the baseline
can't change without authorization. Once a server is in production,
"philosophy" takes a back seat.

Of course the ability for the end-user to modify open source or create
custom apps and be able to sign them has got to be part of the solution.

Dave McGuffey
Principal Information System Security Engineer // NSA-IEM, NSA-IAM SAIC,
IISBU, Columbia, MD


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines