Contributed by jose on from the gpg--verify dept.
" Michael Williams posted this note in security-announce openbsd mailing list regarding a re-release of their signed_exec kernel option patches for OpenBSD 3.0 and OpenBSD 3.1 Release.I'm looking forward to a version of this which can work with the new systrace facility in OpenBSD-current.These are part of the freely available TrojanXproof[TM] Anti-Trojan and Trojan Detection (unofficial) kernel patches for OpenBSD and FreeBSD. Here is a copy of the announcement . "
(Comments are closed)
By Anonymous Coward () on
I am very very glad to see that OpenBSD is starting to have more features which are layers of security, instead of the old approach of making sure that everything is patched correctly and hope for the best.
One question re: GPG: The author of that program has the strange and mistaken idea that distibuting the cyrpto engine as a linkable library would somehow make it less secure. It needs to be a stand-alone program to be secure in his (incorrect) view. How does the kernel used GPG if it can't be linked in to the kernel? It seems like if it is always used as a stand-alone binary then if it is trojaned or replaced the whole thing could be trojaned, without needing to touch the kernel.