3

This question was asked first at Stack Overflow. After 60 views, I got just one response. Now I'm trying Server Fault - it's a pertinent topic for here, I guess.

For security reasons, it is desirable to check the integrity of code before execution, to avoid running software tampered with by an attacker. So, my question is:

How to sign executable code and run only trusted software under Linux?

I have read the work of van Doorn et al., Design and implementation of signed executables for Linux, and IBM's TLC (Trusted Linux Client) by Safford & Zohar. TLC uses a TPM controller, which is nice, but the paper is from 2005 and I was unable to find current alternatives.

Do you know another option?

UPDATE: And what about other OSes? OpenSolaris? BSD family?

TH.

4 Answers

2

Solaris has elfsign(1) which attaches X.509 certificates to ELF binaries. Sun has signed most if not all the binaries it ships, however I'm not sure how to make Solaris only run signed binaries. There's elfsign and bsign for Linux, but neither has been maintained recently.

TRS-80
  • OpenSolaris is getting support to only run signed binaries soon http://www.c0t0d0s0.org/archives/6188-Upcoming-Security-PSARC-cases.html – TRS-80 Dec 10 '09 at 16:15
1

Have a look at DigSig

fpmurphy
0

SELinux may provide what you're looking for.

Dennis Williamson
Crankyadmin
0

Windows had Software Restriction Policies, and more recently has added AppLocker for enforcing signature-based access controls on code execution. (Internet Explorer has also had Authenticode for a while now, but it's less of a general-purpose executable signature validation mechanism and more for in-browser code.)

The enforcement of execution of signed executables is certainly a good thing, but it's not a panacea (as we've seen with video gaming consoles that heavily use code signing for development license enforcement). Vulnerabilities in signed executables through poor validation of untrusted input still allow for execution of arbitrary code. Having said that, though, it does add an additional layer of security.

Evan Anderson