  1. #1
    Just Joined!
    Join Date
    Dec 2011
    Posts
    22

    Any way I can make Linux only run signed code?


    How can I make Linux (any distro) run only signed code?
    It does not have to be signed by the author, it can be signed by me.
    Can we do that? Is it of any practical security benefit?

  2. #2
    Linux Engineer
    Join Date
    Dec 2013
    Posts
    1,323
    Signed code is a failed effort of Microsoft to convince the buying public that they were trying to make their OS safe. Linux, and UNIX in general, has a structure that makes it difficult for malevolent code to do damage. Much software is available through package repositories that are safe to use, and as long as you're careful what you run as root, software effectively runs in a sandbox defined by file and directory permissions. Software packages often are "signed" if you like, when downloaded from trusted sources by a hash identity string which can be tested using something like md5sum. This provides some assurance that the contents are as they were when packaged by the source. However, there is no corollary to the MS signing fiasco.

    If you were concerned that the machine you are using, for some reason, might have the software altered, you could use a hashing algorithm and store the known hashes of the software somewhere safe - then check that the binary hadn't changed before being executed. This could also be a guard against self-modifying code, I suppose. Better to simply practise safe computing, I'd suggest.

  3. #3
    Linux Guru Rubberman
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,601
    @gregm
    Pretty well put. Signing only helps when installing software on Linux systems. It is of zero use when running already installed applications. You can use checksum-generating programs such as md5sum, sha256sum, etc. to verify that the application you are running is the same as what you installed, but this isn't something you would do automatically when running them, unless the OS supports that capability, which no-one does afaik...
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
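
The check described in posts #2 and #3 (keep known hashes somewhere safe, compare before the binary is executed), as an added example that is not part of the original thread. The function names, exit codes and manifest layout are assumptions of this sketch, and the sample program in `demo` is constructed.

```shell
#!/bin/sh
# Added example. Manifest format is sha256sum's own: "<hex>  <absolute path>".
# Function names and exit codes are choices made for this sketch.

# record_hash MANIFEST FILE: append FILE's current SHA-256 to the baseline.
record_hash() {
    sha256sum -- "$(readlink -f -- "$2")" >> "$1"
}

# verify_hash MANIFEST FILE: 0 = matches baseline, 1 = changed, 2 = not listed.
verify_hash() {
    resolved=$(readlink -f -- "$2") || return 2
    # Look up the recorded hash for this exact path; the last entry wins.
    expected=$(P="$resolved" awk '{ h = $1; sub(/^[0-9a-f]+  /, "")
        if ($0 == ENVIRON["P"]) r = h } END { print r }' "$1")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum -- "$resolved" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || return 1
}

# run_verified MANIFEST FILE [ARGS...]: execute FILE only if it verifies.
run_verified() {
    manifest=$1; target=$2; shift 2
    verify_hash "$manifest" "$target" && rc=0 || rc=$?
    case $rc in
        0) "$(readlink -f -- "$target")" "$@" ;;
        1) echo "refused: $target differs from baseline" >&2; return 126 ;;
        *) echo "refused: $target is not in the manifest" >&2; return 126 ;;
    esac
}

# demo: constructed sample program in a temp dir; baseline, run, modify, rerun.
demo() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hello\n' > "$dir/tool"; chmod +x "$dir/tool"
    record_hash "$dir/manifest" "$dir/tool"
    before=$(run_verified "$dir/manifest" "$dir/tool")
    printf 'echo injected\n' >> "$dir/tool"      # simulate a later modification
    run_verified "$dir/manifest" "$dir/tool" >/dev/null 2>&1 \
        && after=ran || after=refused
    rm -rf "$dir"
    echo "$before/$after"
}
```

This check is advisory: it only covers programs started through `run_verified`, and the file can still change between the hash comparison and the exec. The manifest is only as trustworthy as where it is stored, so keep it on read-only or otherwise protected storage.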
