"Signed Linux" - Only executing signed programs

Hey folks,
not sure whether this or the security board is the right forum. If I failed, please move :slight_smile:

So here's the problem:
I need to build a Linux environment in which only "signed" processes are allowed to run. When I say signed I don't mean a VeriSign signature like you know it from Windows, but I mean signed by myself. I.e. I choose the software allowed to run, sign it, and then want to deny any other processes to run.
If it is somehow possible I'd like to extend this even to scripts and the kernel (i.e. no unsigned modules can be loaded).
Does anyone have a good idea how to solve this problem?
The bad thing is: I'm pretty fine with coding stuff myself in C, but have absolutely 0 experience or knowledge in kernel (module)-programming.

Any tips, links, literature, finished programs will be appreciated, thanks :slight_smile:

A short idea I had and almost forgot: How difficult is it to change the routine of Linux which starts a process in such a way that it will call for every process start a little program of myself which will then check the program to be executed and - in case of a missing signature - will cancel it?
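The check-before-exec idea from the post above, sketched in userspace as an added example (not part of the original thread). Assumptions: the detached `.sig` sidecar file, the function names and the key are hypothetical, and an HMAC-SHA256 tag stands in for a real public-key signature so the code runs with the standard library only; with a real signature the checker would hold only a public key.

```python
import hashlib, hmac, os, tempfile
from pathlib import Path

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a real signature key

def tag(data, key=KEY):
    return hmac.new(key, data, hashlib.sha256).digest()

def sign_file(path, key=KEY):  # admin side: detached tag next to the approved program
    Path(path + ".sig").write_bytes(tag(Path(path).read_bytes(), key))

def open_verified(path, key=KEY):
    """Return an fd for path only if its contents match path.sig."""
    fd = os.open(path, os.O_RDONLY)
    try:
        with open(path + ".sig", "rb") as s:
            expected = s.read()
        # Hash through the fd that will be exec'd, so a path swapped after the check cannot run.
        with os.fdopen(os.dup(fd), "rb") as f:
            actual = tag(f.read(), key)
    except OSError as e:
        os.close(fd)
        raise PermissionError(f"{path}: no readable signature") from e
    if not hmac.compare_digest(actual, expected):
        os.close(fd)
        raise PermissionError(f"{path}: bad signature")
    return fd

def run_verified(argv, key=KEY):  # launcher: replace this process if argv[0] verifies
    fd = open_verified(argv[0], key)
    os.set_inheritable(fd, True)  # for #! scripts: the interpreter reopens /dev/fd/N
    os.execve(fd, argv, os.environ)

def demo():  # constructed samples: signed, changed after signing, never signed
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name in ("ok", "tampered", "unsigned"):
            p = os.path.join(d, name)
            Path(p).write_bytes(b"#!/bin/sh\necho hello\n")
            if name != "unsigned":
                sign_file(p)
            if name == "tampered":
                Path(p).write_bytes(b"#!/bin/sh\necho extra\n")
            try:
                os.close(open_verified(p))
                results[name] = "allowed"
            except PermissionError:
                results[name] = "denied"
    return results
```

This is only the check itself: it enforces nothing unless every program start is forced through it, which is the kernel-side part the post asks about, and the signed files must not be writable by untrusted users.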

I don't see any reason to do this.
If you build a system with only the programs that you will allow installed, and then give users restricted shell access only, they can only run programs that you have approved, and have no way to install others.

And the executable bit is insufficient why?

What is wrong with SELinux, AppArmor, or similar security policy models?

I think this technique has a lot of promise. There are several implementations. Here is one. Google for "linux signed executables only" to see other references.

And those of you who think execution bits or restricted shells provide adequate security might want to take a look. :rolleyes:

Not merely execution bits, but file and account control in general...

The point remains the same: We don't know his goals, and he hasn't returned to describe them, so this kind of scheme is likely to be severe overkill.