Open vbwagner opened 6 years ago
@vbwagner I'd prefer a more generic solution. However, implementing this kind of signature would allow one to hook into the load_script function, thus enforcing trust in the script's origin.
I think too generic solutions are bad - error-prone, ineffective and provide bad usability. Really, we have few executable formats: ELF binaries, JAR archives, human readable script files and it is almost all (we may skip PE executables running through wine). And it is worth the effort to implement a separate solution for each of them.
Scripts are often copied from system to system via simple file operation and downloaded via browser. Much more often than ELF binaries which are typically handled by package manager. So for scripts it is much more important to embed signature into script itself.
Agreed, there should be support for in-script signatures. I like this design, thank you.
There is an idea how to embed signatures into scripts in most scripting languages. Nearly all widespread scripting languages have one-line comments, starting with one special symbol (typically hashmark).
So, adding several lines starting with a hashmark to the beginning of a script wouldn't affect its functionality. Thus we can just put a PEM-encoded PKCS7 signature with embedded signer certificate into a comment block just after the she-bang (#!) line. This signature can be easily checked by excluding lines from # ----BEGIN PKCS7----- to # -----END PKCS7----- from hash calculation.
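A sketch of the embed-and-exclude scheme described in the comment above, added here as an example and not code from this issue or the project. The five-dash marker spelling, the function names and the SHA-256 digest are assumptions, and the sample PEM is a constructed placeholder, not a real signature.

```python
import hashlib

# Assumed marker spelling: standard PEM dashes behind a "# " comment prefix.
BEGIN = b"# -----BEGIN PKCS7-----"
END = b"# -----END PKCS7-----"
# Constructed sample data; the PEM body is a placeholder, not a real signature.
SAMPLE_SCRIPT = b"#!/bin/sh\necho hello\n"
SAMPLE_PEM = b"-----BEGIN PKCS7-----\nQ09OU1RSVUNURUQ=\n-----END PKCS7-----\n"

class SignatureBlockError(ValueError):
    """Raised when the embedded signature block is missing or malformed."""

def embed(script: bytes, pem: bytes) -> bytes:
    """Insert the PEM blob as a comment block right after the #! line."""
    lines = script.splitlines(keepends=True)
    head = lines[:1] if script.startswith(b"#!") else []
    block = [b"# " + l + b"\n" for l in pem.strip().splitlines()]
    return b"".join(head + block + lines[len(head):])

def split_signed(script: bytes):
    """Return (pem, signed_bytes): the block and the script without it."""
    lines = script.splitlines(keepends=True)
    start = 1 if script.startswith(b"#!") else 0
    if len(lines) <= start or lines[start].rstrip(b"\r\n") != BEGIN:
        raise SignatureBlockError("no signature block directly after #! line")
    pem = []
    for i in range(start, len(lines)):
        line = lines[i].rstrip(b"\r\n")
        # Every excluded line must be a comment, so nothing unsigned can run.
        if not line.startswith(b"# "):
            raise SignatureBlockError("non-comment line inside signature block")
        pem.append(line[2:])
        if line == END:
            break
    else:
        raise SignatureBlockError("unterminated signature block")
    rest = lines[:start] + lines[i + 1:]
    # A second marker outside the block would be ambiguous, so refuse it.
    if any(l.rstrip(b"\r\n") in (BEGIN, END) for l in rest):
        raise SignatureBlockError("stray signature marker in signed content")
    return b"\n".join(pem) + b"\n", b"".join(rest)

def signed_digest(script: bytes) -> str:
    """SHA-256 over the script with the signature block excluded."""
    return hashlib.sha256(split_signed(script)[1]).hexdigest()

if __name__ == "__main__":
    signed = embed(SAMPLE_SCRIPT, SAMPLE_PEM)
    print(signed.decode(), signed_digest(signed))
```

The PEM and signed bytes returned by `split_signed` are what a detached PKCS7 verifier would take as signature and content; certificate chain validation is outside this sketch.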