Re: Locking Down a Linux Server

From: Seth Arnold (
Date: 01/08/02

Date: Tue, 8 Jan 2002 09:45:26 -0800
From: Seth Arnold <>

On Tue, Jan 08, 2002 at 11:19:06AM -0500, Jose Nazario wrote:
> On Tue, 8 Jan 2002, [iso-8859-1] Björn Eriksson wrote:
> > Agreed. Has Openwall or anyone else produced a kernel
> > patch which only allows signed executables to run?
> immunix has a product that can do this. it's very, very nice ... it uses
> hash signatures to control the veracity of the executable. 'subdomain' is
> the product, part of their commercial Immunix SDK.

Thanks Jose, for the free advertising :) ; however, I'm not entirely sure
SubDomain is the product Björn was looking for -- CryptoMark is. :)

SubDomain verifies an md5 hash of the executable against a table loaded
into the kernel from a plaintext file (usually at boot time, but the
program to load 'profiles' can be run at any time after boot by any
process not currently constrained by SubDomain).

As long as the file containing the profiles is reasonably well
protected, this is similar to what Björn wanted.

I am currently writing CryptoMark 2 -- signed executables, enforced by
the kernel. CryptoMark version 1 used DSA for its signing algorithm,
which is a little too slow for daily use. (That, and the nature of
signed executables sort of prevents demand-paging from working as

CryptoMark 2 is being re-written to use OpenSSL's RSA routines, which we
hope is fast enough to make signed executables economical enough for
daily use.

(CryptoMark ought to be simpler to configure than SubDomain, which
really provides a 'selective chroot'-style environment.)

For more information:

Thanks both Björn and Jose. :)

(Feel free to contact me off-list if you want more technical details on
either tool, or any of the Immunix family of tools. :)

Find out why the United States jailed a Russian citizen over a lecture:
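
A user-space illustration of the hash-table check described in the message above, as an added example that is not part of the original post and is not Immunix code. The table format (one `hexdigest  path` pair per line), the function names and the sample files are assumptions, and SHA-256 stands in for the md5 hash the message mentions.

```python
import hashlib
import hmac
import os
import stat
import tempfile

def load_table(path):
    """Parse 'hexdigest  /path' lines; refuse a table that others can modify."""
    if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError(f"{path} is group- or world-writable")
    table = {}
    with open(path) as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            digest, exe = line.split(None, 1)
            table[os.path.realpath(exe)] = digest.lower()
    return table

def file_digest(path, algo="sha256"):
    """Hash the whole file; every byte is read before any decision is made."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def may_execute(table, exe, algo="sha256"):
    """Allow only executables whose current digest matches the loaded table."""
    expected = table.get(os.path.realpath(exe))
    return expected is not None and hmac.compare_digest(expected, file_digest(exe, algo))

def demo():
    """Constructed sample: returns (allowed before tampering, allowed after)."""
    with tempfile.TemporaryDirectory() as d:
        exe, prof = os.path.join(d, "tool"), os.path.join(d, "profiles.txt")
        with open(exe, "wb") as fh:
            fh.write(b"#!/bin/sh\necho ok\n")
        with open(prof, "w") as fh:
            fh.write(f"# constructed table\n{file_digest(exe)}  {exe}\n")
        os.chmod(prof, 0o600)
        table = load_table(prof)
        before = may_execute(table, exe)
        with open(exe, "ab") as fh:
            fh.write(b"echo tampered\n")  # any change invalidates the entry
        return before, may_execute(table, exe)

if __name__ == "__main__":
    print(demo())
```

The check is only as strong as the protection on the table file, which is why `load_table` rejects a table that group or other users can write.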