On Sun, 2017-10-22 at 18:14 -0400, Eric McCorkle wrote:> Hello everyone,
>
> The following is a write-up of my current design for a public-key trust
> system:
>
> https://www.metricspace.net/files/freebsd_trust.pdf
>
> Some of you are certainly familiar with some or all of this;
> I've discussed parts of it before on -hackers and -security, and I
> discussed it in greater detail in BoF sessions at vBSDCon.??It seems
> things are heating up in this direction, so I'd like to get this out
> there and get discussion and feedback.
>
> I plan on undertaking work on this in the very near future, especially
> since the commit-train for GELI EFI is ready to arrive in HEAD.
>
> A bit about the format: this is sort of the "meat" of what I hope
will
> be a paper some day, but it's still an initial draft.??Moreover, it
> talks about things I'm planning as if they exist, mainly because I
don't
> want to have to go back and rewrite everything in the future.??In
> reality, most of what I talk about is just a proposal at this point,
> with a few bits being implemented as a PoC here and there.
>
> Please read and consider the designs I've proposed.??I welcome any
> feedback and suggestions.??I'll give it a week minimum from today
before
> I resume any work on this stuff.
>
>
> Note: Apologies for the external link; I had originally included this as
> an attachment, but it was too large.
> _______________________________________________
Any thoughts on how to validate executables which are not elf binaries,
such as shell scripts, python programs, etc?
-- Ian