Zhang Jiang jason-MGI8240 wrote:
Hi, Ian and Gisle,
While I was searching the Internet to solve the similar problem, your
email communications popped up (see the attachment below). Just
wondering if you guys can provide me more progress or information
about loading secure binaries? I also face the same problem that
somebody may load and execute malicious code on top of our embedded
Linux OS. If you guys can share some experience on the embedded Linux,
I really appreciate!
I answered you in private email saying that I did not know about such a
system, and outlined how it could
be implemented, but it turned out I was wrong, at least for kernel
modules. There were even an article in
linuxjournal about it. Maybe not very well tested yet, but it has made
it into some of the Fedora test kernels at least:
http://www.linuxjournal.com/article/7130
http://sourceforge.net/projects/disec
http://lwn.net/Articles/92617/
This has not to my knowledge made it into the base kernel, and I would
guess that it will meet some
resistance, since it potentially can be used to prevent people from
modify systems they own, DRM-like
schemes and similar, but it can also increase the security on some
servers. For executables in
userspace some of the features of SELinux may solve some of your issues,
depending on what you try to
archieve.
- Gisle
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
