Date:      Sun, 2 Sep 2007 12:45:09 +0200
From:      Joerg Sonnenberger <joerg@britannica.bec.de>
To:        freebsd-hackers@freebsd.org
Subject:   Re: Exclusive binary files
Message-ID:  <20070902104508.GB19678@britannica.bec.de>
In-Reply-To: <20070901183020.6a098955@bhuda.mired.org>
References:  <45910cf20709011027o546363e2h4f5646b15e0f84a2@mail.gmail.com> <20070901183020.6a098955@bhuda.mired.org>

On Sat, Sep 01, 2007 at 06:30:20PM -0400, Mike Meyer wrote:
> On Sat, 1 Sep 2007 14:27:42 -0300 "Klaus Schneider" <klausps@gmail.com> wrote:
> > Well, anybody know a way to make the FreeBSD run just binaries that I have
> > compiled?
> 
> In general, it's impossible. There's no way the system can know that
> you compiled a binary. There are a number of things you could do with
> a custom kernel and toolchain to indicate that you compiled the binary
> (like Peter's changing of ELF OSABI), but that's just security through
> obscurity. If someone figures out those changes and replicates them,
> you lose.

You mean using cryptographic hashes to ensure that binaries match those
you compiled is impossible? Something like NetBSD's veriexec?

Joerg
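
Added example, not part of the original message or of any project's code: it contrasts the two approaches discussed in this thread, a marker in the ELF header that anyone can copy versus a manifest of cryptographic fingerprints recorded at build time. The sample files are constructed, and SITE_OSABI and all function names are assumptions made for the demonstration.

```python
import hashlib
import os
import tempfile

EI_OSABI = 7        # offset of the OS/ABI byte in the ELF e_ident array
SITE_OSABI = 0xC8   # constructed "private" marker value (assumption for this demo)

def fake_elf(osabi, payload):
    # Constructed sample: a 16-byte ELF ident carrying the given OSABI, plus a payload.
    ident = bytearray(b"\x7fELF\x02\x01\x01" + bytes(9))
    ident[EI_OSABI] = osabi
    return bytes(ident) + payload

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def marker_allows(path):
    # Marker check: accepts any ELF file that carries the site OSABI byte.
    with open(path, "rb") as f:
        ident = f.read(16)
    return len(ident) == 16 and ident[:4] == b"\x7fELF" and ident[EI_OSABI] == SITE_OSABI

def build_manifest(paths):
    # Fingerprints recorded once, at build time, keyed by resolved path.
    return {os.path.realpath(p): sha256_file(p) for p in paths}

def hash_allows(manifest, path):
    # Fingerprint check: the path must be listed and its content must still match.
    expected = manifest.get(os.path.realpath(path))
    return expected is not None and expected == sha256_file(path)

def demo():
    with tempfile.TemporaryDirectory() as d:
        mine, foreign = os.path.join(d, "mine"), os.path.join(d, "foreign")
        for p, data in ((mine, fake_elf(SITE_OSABI, b"built here")),
                        (foreign, fake_elf(SITE_OSABI, b"built elsewhere"))):
            with open(p, "wb") as f:
                f.write(data)
        manifest = build_manifest([mine])
        out = {"marker": (marker_allows(mine), marker_allows(foreign)),
               "hash": (hash_allows(manifest, mine), hash_allows(manifest, foreign))}
        with open(mine, "ab") as f:   # listed binary changes after the manifest was built
            f.write(b"!")
        out["hash_after_change"] = hash_allows(manifest, mine)
        return out
```

A userland comparison like this only shows the decision being made; enforcing it at exec time needs kernel support, and the manifest itself has to be protected from modification.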


