This article presents a Linux kernel module capable of verifying digital
signatures of ELF binaries before running them. This kernel module is
available under the GPL at http://sourceforge.net/projects/disec and has been
successfully tested on kernel 2.5.66 and above.

Why Check the Signature of Your Binaries Before Running Them?

The problem with blindly running executables is that you are never sure they
actually do what you think they are supposed to do (and nothing more).
Viruses spread so widely on Microsoft Windows systems mainly because users are
eager to execute whatever they receive, especially if the title is
appealing. The LoveLetter virus, with over 2.5 million machines infected, is
a famous illustration of this. Yet Linux is unfortunately not immune to
malicious code either. By executing unknown and untrusted code, users are
exposed to a wide ran...