Sun will be releasing Solaris 10 shortly as a commercial product available for purchase. There is a new file system that is 128-bit, and is protected by md5 checksums. I think this is a great idea for ReactOS. I think before a program executes there should be a binary verifier that checks this checksum and then allows the program to run. This would help in deterring Windows viruses from attaching themselves to ReactOS binaries. Since ReactOS is open source it will be harder to protect a binary if there is an attack and a malicious user replaces a dll or an exe. Perhaps this can be done using a small xml file or a txt file called md5sums or something. Please let me know what you think.
Rick Langschultz wrote:
| Sun will be releasing Solaris 10 shortly as a commercial product
| available for purchase. There is a new file system that is 128-bit, and
| is protected by md5 checksums. I think this is a great idea for ReactOS.
| I think before a program executes there should be a binary verifier that
| checks this checksum and then allows the program to run. This would help
| in deterring Windows viruses from attaching themselves to ReactOS
| binaries. Since ReactOS is open source it will be harder to protect a
| binary if there is an attack and a malicious user replaces a dll or an
| exe. Perhaps this can be done using a small xml file or a txt file
| called md5sums or something. Please let me know what you think.

I think Windows already does this with the "System File Checker", which ROS may create in its own way later on.
~ -uniQ
PS. MD5 is kind of insecure, better to use a SHA or other algorithm.
Rick Langschultz wrote:
Sun will be releasing Solaris 10 shortly as a commercial product available for purchase. There is a new file system that is 128-bit, and is protected by md5 checksums. I think this is a great idea for ReactOS. I think before a program executes there should be a binary verifier that checks this checksum and then allows the program to run. This would help in deterring Windows viruses from attaching themselves to ReactOS binaries. Since ReactOS is open source it will be harder to protect a binary if there is an attack and a malicious user replaces a dll or an exe. Perhaps this can be done using a small xml file or a txt file called md5sums or something. Please let me know what you think.
The PE format already allows for something like this (although it might be very insecure, I don't know), see the Checksum field in section:
3.4.2. Optional Header Windows NT-Specific Fields (Image Only)
Of pecoff.doc:
http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx

Jasper van de Gronde wrote:
| The PE format already allows for something like this (although it might
| be very insecure, I don't know), see the Checksum field in section:
| 3.4.2. Optional Header Windows NT-Specific Fields (Image Only)
| Of pecoff.doc:
| http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
They don't seem to say the algorithm used, but it's likely MDx (4 or 5), both of which have been cracked (Feel free to correct me), so that might not be too good. Also the verification is done via a DLL called "IMAGHELP.DLL", which we may or may not have. Also, I'm not sure if the "image" refers to a picture, or some other binary construction (You can tell I'm a newbie ;)).
~ -uniQ
-----Original Message-----
From: ros-dev-bounces@reactos.com [mailto:ros-dev-bounces@reactos.com] On Behalf Of K McI
Sent: 24. november 2004 09:59
To: ReactOS Development List
Subject: Re: [ros-dev] ReactOS and Viruses

Jasper van de Gronde wrote:
| The PE format already allows for something like this (although it
| might be very insecure, I don't know), see the Checksum field in section:
| 3.4.2. Optional Header Windows NT-Specific Fields (Image Only) Of
| pecoff.doc:
| http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
They don't seem to say the algorithm used, but it's likely MDx (4 or 5), both of which have been cracked (Feel free to correct me), so that might not be too good. Also the verification is done via a DLL called "IMAGHELP.DLL", which we may or may not have. Also, I'm not sure if the "image" refers to a picture, or some other binary construction (You can tell I'm a newbie ;)).
You misunderstand the purpose of the checksum. It is there to prevent the OS from executing corrupted images.
Casper
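Added example (not part of the original thread or of ReactOS code): a Python sketch of the additive 16-bit sum commonly described for the PE `CheckSum` field, which is an assumption here since the thread does not state the algorithm, run against a constructed header-only sample. It illustrates the distinction drawn in the reply above: the sum catches an accidental bit flip, but it is order-insensitive, so only a cryptographic hash such as SHA-256 reflects every change to the bytes.

```python
import hashlib
import struct

def checksum_field_offset(image: bytes) -> int:
    """File offset of OptionalHeader.CheckSum (offset 64 in PE32 and PE32+)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + 4 + 20 + 64  # signature + COFF header + field offset

def pe_checksum(image: bytes) -> int:
    """Assumed algorithm: 16-bit end-around-carry sum with the CheckSum
    field treated as zero, plus the file length."""
    buf = bytearray(image)
    off = checksum_field_offset(image)
    buf[off:off + 4] = b"\0\0\0\0"
    if len(buf) % 2:
        buf.append(0)  # pad odd-length files to a whole word
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back in
    return (total + len(image)) & 0xFFFFFFFF

def sha256_hex(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def make_sample_image() -> bytes:
    """Constructed header-only blob for the demo, not a loadable executable."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at 0x3C
    headers = b"PE\0\0" + b"\0" * 20 + b"\0" * 96       # COFF + optional header
    return dos + headers + bytes(range(1, 65))           # 64 filler bytes

def flip_bit(image: bytes, offset: int) -> bytes:
    buf = bytearray(image)
    buf[offset] ^= 0x01
    return bytes(buf)

def swap_words(image: bytes, a: int, b: int) -> bytes:
    buf = bytearray(image)
    buf[a:a + 2], buf[b:b + 2] = buf[b:b + 2], buf[a:a + 2]
    return bytes(buf)

if __name__ == "__main__":
    original = make_sample_image()
    variants = {"original": original, "bit flip": flip_bit(original, 200),
                "word swap": swap_words(original, 184, 186)}
    for name, img in variants.items():
        print(f"{name:10} checksum={pe_checksum(img):#010x} sha256={sha256_hex(img)[:16]}")
```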
Casper Hornstrup wrote:
| You misunderstand the purpose of the checksum. It is there to prevent
| the OS from executing corrupted images.
|
| Casper
::roll: I tell you, I'm a newbie and it shows ;)
~ -uniQ
Hi,
--- K McI uniq@wwsvr.bounceme.net wrote:
They don't seem to say the algorithm used, but it's likely MDx (4 or 5), both of which have been cracked (Feel free to correct me), so that might not be too good. Also the verification is done via a DLL called "IMAGHELP.DLL", which we may or may not have. Also, I'm not sure if the "image" refers to a picture, or some other binary construction (You can tell I'm a newbie ;)).
We have an imaghlp.dll from Wine. It is out of sync atm. I plan on syncing it and dbghlp soon.
Thanks Steven