Mailing List Archive

signing --load extensions ?
Hi,

does it make sense to sign the loadable extension code?

Otherwise it would be easy to put a trojan extension named e.g.
"tiger" instead of the true one into the extension "path"?

Just my 2 eurocents...


Regards,
Walter



Walter Koch
phinware Beratung und Software GmbH
Düsseldorf
w.koch@phinware.de
Re: signing --load extensions ?
Walter Koch <w.koch@phinware.de> writes:

> does it make sense to sign the loadable extension code?
>
> Otherwise it would be easy to put a trojan extension named e.g.
> "tiger" instead of the true one into the extension "path"?

No. You would also have to sign /lib/libc*, the gnupg executables
and of course the kernel (and the Xserver and ....).

To avoid trojan horses, the program should be installed with owner root
and the sysadmin should install tripwire to detect changed code.


Werner
Re: signing --load extensions ?
wk@isil.d.shuttle.de (Werner Koch) writes:
> Walter Koch <w.koch@phinware.de> writes:
>
> > does it make sense to sign the loadable extension code?
> >
> > Otherwise it would be easy to put a trojan extension named e.g.
> > "tiger" instead of the true one into the extension "path"?
>
> No. You would also have to sign /lib/libc*, the gnupg executables
> and of course the kernel (and the Xserver and ....).
>
> To avoid trojan horses, the program should be installed with owner root
> and the sysadmin should install tripwire to detect changed code.
>
> Werner

Plus, there isn't an extension "path".. there's only the one hardcoded
directory, or you can use --load-extension with an explicit filename. So it
would be very hard to accidentally use an untrusted extension.

-Brian
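
The two controls named in this thread, trusted ownership of the single extension directory and tripwire-style detection of changed code, as an added example that is not part of the original messages and is not GnuPG or Tripwire code. The function names, the baseline format (file name to SHA-256) and the `trusted_uid` parameter are assumptions made for illustration.

```python
import hashlib
import os
import stat


def sha256_file(path):
    """Hash a file in chunks so large modules do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_baseline(ext_dir):
    """Record name -> SHA-256 for every regular file in the directory."""
    return {n: sha256_file(os.path.join(ext_dir, n))
            for n in sorted(os.listdir(ext_dir))
            if os.path.isfile(os.path.join(ext_dir, n))}


def audit_extension_dir(ext_dir, baseline, trusted_uid=0):
    """Return findings as (name, problem) tuples; an empty list means clean."""
    findings = []

    def check_perms(label, path):
        st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
        if stat.S_ISLNK(st.st_mode):
            findings.append((label, "is a symlink"))
        if st.st_uid != trusted_uid:
            findings.append((label, "not owned by trusted uid"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((label, "group- or world-writable"))

    check_perms(".", ext_dir)  # a writable directory allows swapping any file
    present = set(os.listdir(ext_dir))
    for name in sorted(present):
        path = os.path.join(ext_dir, name)
        check_perms(name, path)
        if name not in baseline:
            findings.append((name, "not in baseline"))
        elif os.path.isfile(path) and sha256_file(path) != baseline[name]:
            findings.append((name, "hash differs from baseline"))
    for name in sorted(set(baseline) - present):
        findings.append((name, "missing"))
    return findings
```

The baseline is only as trustworthy as its storage: keep it somewhere the account running the audited program cannot write.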