From: "Hr.Ladavac"
Message-Id: <199611181747.AA152559230@ws2301.gud.siemens.co.at>
Subject: Re: Q: system specific binaries
To: msmith@atrad.adelaide.edu.au (Michael Smith)
Date: Mon, 18 Nov 1996 18:47:10 +0100 (MEZ)
Cc: dyson@freebsd.org, rob@xs1.simplex.nl, hackers@freebsd.org
In-Reply-To: <199611160457.PAA10718@genesis.atrad.adelaide.edu.au> from "Michael Smith" at Nov 16, 96 03:27:07 pm

E-mail message from Michael Smith contained:
> John S. Dyson stands accused of saying:
> > >
> > > If this is too easy to break, is there perhaps a way to specify
> > > from which directories binaries may be executed ?
>
> look at /sys/kern/imgact* for starters. Depending on what you're actually
> worried about, you might want to look at the source for the shells,
> perl, tcl, remove the debugger (gdb) etc.
>
> > Perhaps, formulate a system whereby the flags bits on a file are used
> > in some way... Note that I am not talking about the "protection" bits,
> > but there is another group of interesting things called flags bits that
> > can be placed only under the control of the kernel. Just a thought.
> >
> > (Perhaps an "annoint" command???)
>
> A "secure" flag, only settable by root and cleared when the file is
> written to might be vaguely useful. It might give a false sense of
> confidence though.

A "secure" flag only settable in a standalone mode, combined perhaps with
"immutable" flag might be better. No, I don't have the patches (yet :)

/Marino

> >
> > John
>
> --
> ]] Mike Smith, Software Engineer        msmith@gsoft.com.au             [[
> ]] Genesis Software                     genesis@gsoft.com.au            [[
> ]] High-speed data acquisition and      (GSM mobile) 0411-222-496       [[
> ]] realtime instrument control.         (ph) +61-8-8267-3493            [[
> ]] Unix hardware collector.             "Where are your PEZ?" The Tick  [[