From owner-freebsd-hackers@FreeBSD.ORG Thu Feb 21 01:26:41 2008
Message-ID: <47BCD34F.7010309@freebsd.org>
Date: Wed, 20 Feb 2008 17:26:39 -0800
From: Tim Kientzle
To: Thiago Damas
Cc: freebsd-hackers@freebsd.org
References: <86068e730802181718s1ad50d3axeae0dde119ddcf92@mail.gmail.com>
 <47BA3334.4040707@andric.com>
 <86068e730802181954t52e4e05ay65e04c5f6de9b78a@mail.gmail.com>
 <20080219040912.GA14809@kobe.laptop>
Subject: Re: encrypted executables
List-Id: Technical Discussions relating to FreeBSD

Thiago Damas wrote:
> And if you make a wrapper, and execute like a shell script:
>
> #!/usr/local/bin/mysecyritywrapper
> <...encryted code goes where...>
>
> In this way, it'll be hard to use truss, ktrace, strace etc...

No, not really. All of those tools can trace through to
sub-processes, so whenever the code gets decrypted and starts
executing (whether it's in the main process or in a sub-process),
they'll be able to follow the system calls it makes.

The key fact about DRM is that it is theoretically impossible.
Of course, that's what makes it such an interesting problem
in practice. ;-)

Cheers,

Tim Kientzle