Linux下已签名的可执行文件 [英] Signed executables under Linux
问题描述
出于安全考虑,最好在执行之前检查代码的完整性,避免受到攻击者的篡改软件.所以,我的问题是
For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is
如何在Linux下签名可执行代码并仅运行受信任的软件?
我已经阅读了Van Doom等人的著作,针对Linux签名可执行文件的设计和实现以及IBM的
I have read the work of van Doom et al., Design and implementation of signed executables for Linux, and the IBM's TLC (Trusted Linux Client) by Safford & Zohar. TLC uses TPM controller, what is nice, but the paper is from 2005 and I was unable to find current alternatives.
您知道其他选择吗?
更新:关于其他操作系统? OpenSolaris的? BSD家族?
UPDATE: And about other OS's? OpenSolaris? BSD family?
推荐答案
内核模块 DigSig 实现了对由名为bsign
的工具签名的二进制文件.但是,自Linux内核2.6.21版以来,没有任何工作.
The DigSig kernel module implements verification of binaries signed by a tool called bsign
. However, there hasn't been any work on it since version 2.6.21 of the Linux kernel.
这篇关于Linux下已签名的可执行文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!