Date: Fri, 15 Nov 1996 10:43:10 -0500 (EST) From: "John S. Dyson" <toor@dyson.iquest.net> To: rob@xs1.simplex.nl (Rob Simons) Cc: hackers@freebsd.org Subject: Re: Q: system specific binaries Message-ID: <199611151543.KAA01199@dyson.iquest.net> In-Reply-To: <199611151329.OAA00724@xs1.simplex.nl> from "Rob Simons" at Nov 15, 96 02:29:19 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > > Hi, > > Does anyone have any experience with customising FreeBSD so that only > binaries which are compiled on a system itself will actually run on > that system ? > So the local compiler has to give a key to each binary when it's > compiled, and when executed there'd be a check for that key. ? > That way only people who have access to the compiler may generate > binaries, and no 'foreign' binaries will be executed by the syetem. > > If this is too easy to break, is there perhaps a way to specify > from which directories binaries may be executed ? > Perhaps, formulate a system whereby the flags bits on a file are used in some way... Note that I am not talking about the "protection" bits, but there is another group of interesting things called flags bits that can be placed only under the control of the kernel. Just a thought. (Perhaps an "annoint" command???) John
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611151543.KAA01199>