Whitelist Before Execution


Whitelist Before Execution

by Jason C. Wells

Is there a method by which we can check the consistency of an executable
or library prior to trusting it for execution?  For example, if the file
doesn't exist in the list of trusted files or the checksums do not match
then do not allow execution and write a warning message to the log.  I
could do this manually with existing features like mtree.  It would be
nice if the system could do it for me.

Later,
Jason


_______________________________________________
freebsd-chat@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
To unsubscribe, send any mail to "freebsd-chat-unsubscribe@..."

Re: Whitelist Before Execution

by John Baldwin

On Sunday 12 July 2009 6:11:23 pm Jason C. Wells wrote:
> Is there a method by which we can check the consistency of an executable
> or library prior to trusting it for execution?  For example, if the file
> doesn't exist in the list of trusted files or the checksums do not match
> then do not allow execution and write a warning message to the log.  I
> could do this manually with existing features like mtree.  It would be
> nice if the system could do it for me.

I believe csjp@ has a MAC module to store checksums of trusted executables in
the kernel and to fail execve() if the executable is not a known trusted
binary.

--
John Baldwin
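
A userland illustration of the policy asked about in this thread (deny and log when a file is not in the trusted list or its checksum differs), added here as an example; it is not code from either poster and is not the MAC module mentioned in the reply. The logger name, the function names and the whitelist format (resolved absolute path mapped to a SHA-256 hex digest) are assumptions.

```python
import hashlib
import logging
import os
import subprocess

log = logging.getLogger("exec-whitelist")  # hypothetical logger name

def sha256_file(path):
    """Return the SHA-256 hex digest of the file at path."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_trusted(path, whitelist):
    """Return "ok", "not-listed", "unreadable" or "checksum-mismatch".

    whitelist (assumed format) maps a resolved absolute path to its
    expected SHA-256 hex digest.
    """
    real = os.path.realpath(path)  # resolve symlinks before the lookup
    expected = whitelist.get(real)
    if expected is None:
        log.warning("exec denied, not in whitelist: %s", real)
        return "not-listed"
    try:
        actual = sha256_file(real)
    except OSError as e:
        log.warning("exec denied, cannot read %s: %s", real, e)
        return "unreadable"
    if actual != expected:
        log.warning("exec denied, checksum mismatch: %s (got %s)", real, actual)
        return "checksum-mismatch"
    return "ok"

def run_if_trusted(argv, whitelist):
    """Run argv only when argv[0] passes check_trusted; otherwise refuse.

    The file can still change between the check and the exec. A userland
    wrapper cannot close that window, which is why a check made inside
    execve() by the kernel is the stronger design.
    """
    verdict = check_trusted(argv[0], whitelist)
    if verdict != "ok":
        raise PermissionError(f"{argv[0]}: {verdict}")
    return subprocess.run([os.path.realpath(argv[0])] + argv[1:], check=False)
```

A wrapper like this only covers programs launched through it; anything started directly bypasses the check.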