OpenBSD Journal

Re-released GPG signed Trojanproof

Contributed by jose on from the gpg--verify dept.

Dan writes:
"Michael Williams posted this note in security-announce openbsd mailing list regarding a re-release of their signed_exec kernel option patches for OpenBSD 3.0 and OpenBSD 3.1 Release.

These are part of the freely available TrojanXproof[TM] Anti-Trojan and Trojan Detection (unofficial) kernel patches for OpenBSD and FreeBSD. Here is a copy of the announcement."

I'm looking forward to a version of this which can work with the new systrace facility in OpenBSD-current.



Comments
  1. By Anonymous Coward () on

    OpenBSD is just awesome. I hope that this becomes part of the standard distribution (as a feature that can be enabled perhaps).

    I am very very glad to see that OpenBSD is starting to have more features which are layers of security, instead of the old approach of making sure that everything is patched correctly and hope for the best.

    One question re: GPG: The author of that program has the strange and mistaken idea that distributing the crypto engine as a linkable library would somehow make it less secure. It needs to be a stand-alone program to be secure in his (incorrect) view. How does the kernel use GPG if it can't be linked in to the kernel? It seems like if it is always used as a stand-alone binary then if it is trojaned or replaced the whole thing could be trojaned, without needing to touch the kernel.
