I received my first patch to slaughter today, which made me happy.
(I've made a new release including it, and updated the list of primitives to actually document the file-deletion facilities which previously I'd omitted to avoid encouraging mass-breakage.)
Andrew Pollock mentions that the days of elfsign might be numbered.
This is a shame because I've always liked the idea of signing binaries. Once upon a time, in the 2.4.x days, I wrote a kernel patch which would refuse to execute non-signed binaries. (This was mostly a waste of time; since it denied the execution of shell scripts. Which meant that the system init scripts mostly failed. My solution in the end was to only modprobe my module once the system was up and running, and hope for the best ...)
Right now, having performed only a quick search, I don't see anything like that at the moment.
- elfsign will let you store a binaries MD5 hash.
- bsign will let you sign a binary with a GPG key.
But where is the kernel patch to only execute such hashed/signed binaries, preventing the execution of random shell scripts and potentially trojaned binaries?
Without that I think signing binaries is a crazyish thing to do. Sure you can test that a file hasn't been modified, but even without those tools you can do the same thing via md5sums.
(ObRandom: Clearly if you mass-modify all your binaries the system md5sums database will be trashed.)
I've received a bug report against chronicle, my blog compiler.
It seems that some versions of perl fail to run this:# # Run the command, reading stdout. # open( FILTER, "$cmd|;utf8" ) or die "Failed to run filter: $!";
Removing the ;utf8 filter allows things to work, but will trash any UTF-8 characters from the output - so that's a nasty solution.
I'm not sure what the sane solution is here, so I'm going to sit on it for a few days and continue to write test scripts.
Tags: bsign, chronicle, md5sum, slaughter 6 comments
Did you try opening FILTER without ";utf8" and then doing binmode(FILTER, ":utf8")?
Two-argument variant of open() is evil anyway - I think it's good practice to always give the mode string and command/filename in separate arguments.