PREVIEW: bsign embeds hash and/or digital signature in ELF files

Brian Warner warner at
Mon Dec 14 11:43:38 CET 1998

ratinox at (Stainless Steel Rat) writes:
> "OL" == Oscar Levi <elf at> writes:
> OL> It embeds a hash and optional GPG signature in ELF format files that
> OL> can be use to do two things.
> The idea is good, but I think you might be making the system needlessly
> complex.  Take a look at what Tripwire does.

Hmm.. would there be any benefit (for a particularly paranoid system) to
putting the signature-verification code in the kernel? Then you could build a
system that would only be willing to execute trusted binaries, period. As you
said, it couldn't help for the various text files. But for shell/perl scripts,
if you were so inclined you could build a special version of perl etc that
would only execute signed scripts, and only sign that special version and not
the real (unrestricted) one.

Having a Tripwire database verified by the kernel before performing an exec()
would probably accomplish the same thing more easily.


More information about the Gnupg-devel mailing list