Whitelisting only digitally signed binaries
Ian Burrell
ianburrell at gmail.com
Fri Sep 19 00:17:21 UTC 2008
McGuffey, David C. <DAVID.C.MCGUFFEY <at> saic.com> writes:
>
> Has any work taken place in the Linux community toward building a
> "trusted loader" into Linux. If so, what is the status? If not, why
> not?
>
Check out http://disec.sourceforge.net/. The DigSig kernel module checks
digital signatures on ELF binaries and libraries. It is a third-party module so
using it on Fedora would be a challenge.
- Ian
More information about the fedora-list
mailing list