Enhancement idea: Add rule type to block based on signing time #15

Status: Open. pmarkowsky opened this issue Oct 4, 2024 · 0 comments
Labels: enhancement (New feature or request), rules (Issues or PRs related to Santa rules)

@pmarkowsky (Contributor)
It might be nice to have the ability to block old applications from running.

We'd likely need a rule type to be a combined Cert Hash and Timestamp value. Binaries signed with that certificate would then only be allowed to run if signed after the given time.

This is similar to a request to block by version, but is perhaps more workable generically.

There are some limitations to this proposal being used to block old, potentially known-bad versions, e.g. if a company maintains more than one release train, with the older trains being vulnerable, there might be newer releases of the old train that would pass this check (e.g. v3.* is vulnerable and a fix cannot be backported, but v3.* and v4.* are both maintained, so a company could release v3.5 after v4.0).
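The evaluation logic the proposal describes, as an added example that is not part of the issue or of Santa's own code. It assumes a hypothetical rule shape (leaf certificate SHA-256 plus a not-before time), constructed certificate hashes and sample binaries, and uses only the timestamp-authority counter-signature time (what `codesign --timestamp` embeds) as the signing time, failing closed when none is present. It also reproduces the release-train caveat from the comment above: a v3.5 build signed after the cutoff passes the check even though its train is still vulnerable.

```python
"""Simulation of a hypothetical Santa rule type: certificate hash + minimum signing time."""
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Optional, Sequence


class Decision(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    NO_MATCH = "no_match"  # rule does not apply; fall through to the next rule / default


@dataclass(frozen=True)
class SigningTimeRule:
    """Hypothetical rule: binaries signed by cert_sha256 may run only if signed at/after not_before."""
    cert_sha256: str
    not_before: datetime


@dataclass(frozen=True)
class SignedBinary:
    """Facts an enforcement agent would extract from a code signature (constructed sample data)."""
    path: str
    version: str
    cert_sha256: str
    # Time from the TSA counter-signature (present when signed with `codesign --timestamp`).
    # None when the binary carries no trusted time. The CMS signingTime attribute is
    # self-asserted by the signer, so it is deliberately not used as a substitute.
    secure_timestamp: Optional[datetime]


def evaluate(rule: SigningTimeRule, binary: SignedBinary) -> Decision:
    """Apply one rule. Certificate hash mismatch means the rule simply does not apply."""
    if binary.cert_sha256.lower() != rule.cert_sha256.lower():
        return Decision.NO_MATCH
    if binary.secure_timestamp is None:
        # Fail closed: without a trusted time there is no proof the binary is new enough.
        return Decision.BLOCK
    return Decision.ALLOW if binary.secure_timestamp >= rule.not_before else Decision.BLOCK


def evaluate_rules(rules: Sequence[SigningTimeRule], binary: SignedBinary,
                   default: Decision = Decision.ALLOW) -> Decision:
    """First matching rule wins; `default` stands in for the rest of the policy."""
    for rule in rules:
        decision = evaluate(rule, binary)
        if decision is not Decision.NO_MATCH:
            return decision
    return default


def _utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed placeholder hashes, not real certificates.
VENDOR_CERT = "0123456789abcdef" * 4
OTHER_CERT = "fedcba9876543210" * 4

# Operator intent: block everything the vendor shipped before v4.0, which was signed 2024-06-01.
RULE = SigningTimeRule(cert_sha256=VENDOR_CERT, not_before=_utc(2024, 6, 1))

APP = "/Applications/Vendor.app/Contents/MacOS/Vendor"
SAMPLES = {
    "v3.4_old": SignedBinary(APP, "3.4", VENDOR_CERT, _utc(2024, 3, 15)),
    "v4.0": SignedBinary(APP, "4.0", VENDOR_CERT, _utc(2024, 6, 1)),
    # Still on the vulnerable 3.x train, but signed after the cutoff: the rule lets it run.
    "v3.5_backport": SignedBinary(APP, "3.5", VENDOR_CERT, _utc(2024, 8, 10)),
    "v4.1_no_timestamp": SignedBinary(APP, "4.1", VENDOR_CERT, None),
    "other_vendor": SignedBinary("/Applications/Other.app/Contents/MacOS/Other", "1.0",
                                 OTHER_CERT, _utc(2023, 1, 1)),
}


def demo() -> dict:
    """Return the decision for each constructed sample under RULE."""
    return {name: evaluate_rules([RULE], binary).value for name, binary in SAMPLES.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:18s} -> {decision}")
```

Two design choices worth keeping if this is implemented for real: only the timestamp-authority time (the `Timestamp=` line `codesign -dvvv` prints for a counter-signed binary) should feed the comparison, and a matching certificate with no trusted timestamp should block rather than allow, otherwise anything signed without `--timestamp` silently escapes the rule. The `v3.5_backport` sample shows the limitation the issue already calls out: signing time orders builds, not release trains.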
