
Re: Checking integrity of /sbin/init from within kernel



On Tue, Oct 01, 2002 at 10:50:17AM +0200, Torsten Valentin wrote:
> For my purposes and in my scenario it will improve security. My method
> is to give the kernel a new variable with a signature in it that I have

it's not a signature, it's a shared secret.

> created before compiling my /sbin/init. Then I make my /sbin/init so
> that it checks for the signature in the kernel (similar to `sysctl
> kern.mysignature`). If the signature is correct, we are running "my"
> kernel. /sbin/init will continue. If not, it will die and halt the
> kernel. So the kernel checks if /sbin/init is correct and /sbin/init
> checks if we have the correct kernel.
> 
> You could say that it could be easy to create a kernel with my signature
> in it, but it isn't. You cannot read the signature from the kernel,

why is it not possible to read this 'signature'?

> because therefore you'd have to change /sbin/init and if you do that my
> kernel won't boot. Understood?
> 
> I think it's a huge improvement in security!

how? you just have to replace both 'signatures' or disable the
checks.

-m
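
Added example, not part of the original message: a Python sketch of the distinction the reply draws between a shared secret and a signature. The image bytes, the secret and every function name are constructed for illustration, and the Lamport one-time signature is a stand-in chosen because it needs only hashlib; nobody in the thread proposed it.

```python
import hashlib, hmac, secrets

# Constructed stand-ins for the two binaries; not real images.
SECRET = b"constructed-shared-secret"
KERNEL_IMAGE = b"\x7fELF...kernel..." + SECRET
INIT_IMAGE = b"\x7fELF...init..." + SECRET

def H(data):
    return hashlib.sha256(data).digest()

def shared_secret_check(kernel_image, init_image, n=len(SECRET)):
    """The scheme from the thread: init compares its embedded value with the kernel's."""
    return hmac.compare_digest(kernel_image[-n:], init_image[-n:])

def secret_present_in(image):
    """The checker has to carry the secret itself, so the image contains it verbatim."""
    return SECRET in image

def lamport_keygen():
    """One-time key pair: the private half never has to ship with the verifier."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def digest_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def lamport_verify(pk, msg, sig):
    """Needs only public values; they do not let the holder sign a different image."""
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][bit])
        for (i, bit), s in zip(enumerate(digest_bits(msg)), sig))

def demo():
    sk, pk = lamport_keygen()            # sk stays on the build host (assumption)
    sig = lamport_sign(sk, INIT_IMAGE)
    other_init = b"different init body" + SECRET
    return {
        "secret_in_init": secret_present_in(INIT_IMAGE),
        "secret_check_original": shared_secret_check(KERNEL_IMAGE, INIT_IMAGE),
        "secret_check_other_body": shared_secret_check(KERNEL_IMAGE, other_init),
        "sig_check_original": lamport_verify(pk, INIT_IMAGE, sig),
        "sig_check_other_body": lamport_verify(pk, other_init, sig),
    }

if __name__ == "__main__":
    print(demo())
```

The shared-secret comparison says nothing about the content of the image that carries the value, while the signature is bound to the exact bytes signed. Either check is still only as trustworthy as the component that performs it.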