Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 1 Sep 2007 18:30:20 -0400
From:      Mike Meyer <mwm-keyword-freebsdhackers2.e313df@mired.org>
To:        "Klaus Schneider" <klausps@gmail.com>
Cc:        hackers@freebsd.org
Subject:   Re: Exclusive binary files
Message-ID:  <20070901183020.6a098955@bhuda.mired.org>
In-Reply-To: <45910cf20709011027o546363e2h4f5646b15e0f84a2@mail.gmail.com>
References:  <45910cf20709011027o546363e2h4f5646b15e0f84a2@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sat, 1 Sep 2007 14:27:42 -0300 "Klaus Schneider" <klausps@gmail.com> wrote:
> Well, anybody know a way to make the FreeBSD run just binaries that I have
> compiled?

In general, it's impossible. There's no way the system can know that
you compiled a binary. There are a number of things you could do with
a custom kernel and toolchain to indicate that you compiled the binary
(like Peter's changing of ELF OSABI), but that's just security through
obscurity. If someone figures out those changes and replicates them,
you lose. The extreme version of this involves designing a new
processor, getting a copy fabbed, porting FreeBSD to it, and then
using that. Somewhat more practical are crypto technics, say having
the kernel check that you've digitally signed the binaries. Those
aren't unbreakable, just expensive to break.

> For example:
> A hacker get a access to a shell into my server, and then it put a exploit
> code, but on the machine don't have a compiler, then he tries to put the
> compiled exploit... supose that I can't mount the users partition
> in "noexec" mode...
> Anybode knows a solution for these?

You haven't described why you can't make the users partition noexec
(which is really strange since you don't want users to be able to
install executables), so no, I can't provide a solution for that.

There are lots of other possibilities that might turn up with a
different phrasing of the problem. For instance, restricting the
kernel to a fixed list of executables should be doable. But until you
tell us what problem you're really trying to solve, there's no way to
know which would be acceptable and which wouldn't.

     <mike
-- 
Mike Meyer <mwm@mired.org>		http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070901183020.6a098955>