23 Nov
2004
23 Nov
'04
4:25 a.m.
Sun will be releasing Solaris 10 shortly as a commercial product
available for purchase. There is a new file system that is 128-bit, and
is protected by md5 checksums, I think this is a great idea for reactos.
I think before a program executes there should be a binary verifier that
checks this checksum and then allows the program to run. This would help
in deterring Windows viruses from attaching themselves to reactos
binaries. Since ReactOS is open source it will be harder to protect a
binary if there is an attack and a malicious user replaces a dll or an
exe. Perhaps this can be done using a small xml file or a txt file
called md5sums or something. Please let me know what you think.
24 Nov
24 Nov
3:22 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rick Langschultz wrote:
| Sun will be releasing Solaris 10 shortly as a commercial product
| available for purchase. There is a new file system that is 128-bit, and
| is protected by md5 checksums, I think this is a great idea for reactos.
| I think before a program executes there should be a binary verifier that
| checks this checksum and then allows the program to run. This would help
| in deterring Windows viruses from attaching themselves to reactos
| binaries. Since ReactOS is open source it will be harder to protect a
| binary if there is an attack and a malicious user replaces a dll or an
| exe. Perhaps this can be done using a small xml file or a txt file
| called md5sums or something. Please let me know what you think.
I think Windows already does this with the "System File Checker", which
ROS may create in it's own way later on.
~ -uniQ
PS. MD5 is kindof insecure, better to use a SHA or other algorithm.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBo/6H7mze81O92HkRAsC6AJwMwUhbCwtLH+C2ia8Vr5cb9SrnCwCeL8c3
XS/lwup5a94BX6/2WkLq3mQ=
=qYiU
-----END PGP SIGNATURE-----
8:31 a.m.
Rick Langschultz wrote:
Sun will be releasing Solaris 10 shortly as a
commercial product
available for purchase. There is a new file system that is 128-bit, and
is protected by md5 checksums, I think this is a great idea for reactos.
I think before a program executes there should be a binary verifier that
checks this checksum and then allows the program to run. This would help
in deterring Windows viruses from attaching themselves to reactos
binaries. Since ReactOS is open source it will be harder to protect a
binary if there is an attack and a malicious user replaces a dll or an
exe. Perhaps this can be done using a small xml file or a txt file
called md5sums or something. Please let me know what you think.
The PE format already allows for something like this (although it might
be very insecure, I don't know), see the Checksum field in section:
3.4.2. Optional Header Windows NT-Specific Fields (Image Only)
Of pecoff.doc:
http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
8:59 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jasper van de Gronde wrote:
| The PE format already allows for something like this (although it might
| be very insecure, I don't know), see the Checksum field in section:
| 3.4.2. Optional Header Windows NT-Specific Fields (Image Only)
| Of pecoff.doc:
| http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
They don't seem to say the algorithm used, but it's likely MDx (4 or 5),
both of which have been cracked (Feel free to correct me), so that might
not be too good. Also the verification is done via a DLL called
"IMAGHELP.DLL", which we may or may not have. Also, I'm not sure if the
"image" refers to a picture, or some other binary construction (You can
tell I'm a newbie ;)).
~ -uniQ
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBpE1w7mze81O92HkRAuqSAJ9nJz7tUz8Vflv5CIL5DCCitcYoDACcCEEr
w0DLkWPosBm8T0G+1syL8F0=
=RyYt
-----END PGP SIGNATURE-----
11:52 a.m.
-----Original Message-----
From: ros-dev-bounces(a)reactos.com
[mailto:ros-dev-bounces@reactos.com] On Behalf Of K McI
Sent: 24. november 2004 09:59
To: ReactOS Development List
Subject: Re: [ros-dev] ReactOS and Viruses
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jasper van de Gronde wrote:
| The PE format already allows for something like this (although it
| might be very insecure, I don't know), see the Checksum
field in section:
| 3.4.2. Optional Header Windows NT-Specific Fields (Image Only) Of
| pecoff.doc:
| http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
They don't seem to say the algorithm used, but it's likely
MDx (4 or 5), both of which have been cracked (Feel free to
correct me), so that might not be too good. Also the
verification is done via a DLL called "IMAGHELP.DLL", which
we may or may not have. Also, I'm not sure if the "image"
refers to a picture, or some other binary construction (You
can tell I'm a newbie ;)).
You misunderstand the purpose of the checksum. It is there to prevent
the OS from executing corrupted images.
Casper
12:10 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Casper Hornstrup wrote:
| You misunderstand the purpose of the checksum. It is there to prevent
| the OS from executing corrupted images.
|
| Casper
::roll: I tell you, I'm a newbie and it shows ;)
~ -uniQ
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBpHog7mze81O92HkRAsvcAJ49ynr6QXQ09cbir1PRBm9vY4t+twCeLBjW
S2dsmG3wwynjeaKKI8QlPwM=
=NNdw
-----END PGP SIGNATURE-----
2:41 p.m.
Hi,
--- K McI <uniq(a)wwsvr.bounceme.net> wrote:
They don't seem to say the algorithm used, but
it's likely MDx (4 or
5),
both of which have been cracked (Feel free to correct me), so that
might
not be too good. Also the verification is done via a DLL called
"IMAGHELP.DLL", which we may or may not have. Also, I'm not sure if
the
"image" refers to a picture, or some other binary construction (You
can
tell I'm a newbie ;)).
We have a imaghlp.dll from Wine. It is out of sync atm. I plan on
syncin it and dbghlp soon.
Thanks
Steven
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
7239
days inactive
7240
days old
6 comments
5 participants
participants (5)
-
Casper Hornstrup -
Jasper van de Gronde -
K McI -
Rick Langschultz -
Steven Edwards