From: Mike Meyer
Date: Sat, 1 Sep 2007 18:30:20 -0400
To: "Klaus Schneider"
Cc: hackers@freebsd.org
Subject: Re: Exclusive binary files
Message-ID: <20070901183020.6a098955@bhuda.mired.org>
In-Reply-To: <45910cf20709011027o546363e2h4f5646b15e0f84a2@mail.gmail.com>

On Sat, 1 Sep 2007 14:27:42 -0300 "Klaus Schneider" wrote:
> Well, does anybody know a way to make FreeBSD run just binaries that I have
> compiled?

In general, it's impossible. There's no way the system can know that you compiled a binary.

There are a number of things you could do with a custom kernel and toolchain to indicate that you compiled the binary (like Peter's changing of ELF OSABI), but that's just security through obscurity. If someone figures out those changes and replicates them, you lose. The extreme version of this involves designing a new processor, getting a copy fabbed, porting FreeBSD to it, and then using that. Somewhat more practical are crypto techniques, say having the kernel check that you've digitally signed the binaries. Those aren't unbreakable, just expensive to break.

> For example:
> A hacker gets access to a shell on my server, and then he puts exploit
> code there, but the machine doesn't have a compiler, then he tries to put the
> compiled exploit... suppose that I can't mount the users partition
> in "noexec" mode...
> Anybody know a solution for this?

You haven't described why you can't make the users partition noexec (which is really strange since you don't want users to be able to install executables), so no, I can't provide a solution for that. There are lots of other possibilities that might turn up with a different phrasing of the problem. For instance, restricting the kernel to a fixed list of executables should be doable. But until you tell us what problem you're really trying to solve, there's no way to know which would be acceptable and which wouldn't.

http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
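
Added example, not part of the original message: a userland Python sketch contrasting the OSABI-brand idea with the fixed-list and crypto-check ideas mentioned in the reply. It is not kernel enforcement; HMAC stands in for a digital signature, and the key, the OSABI value 0x42, the file names and all function names are constructed for illustration.

```python
import hashlib
import hmac
import pathlib
import tempfile

EI_OSABI = 7  # index of the OSABI byte inside the 16-byte ELF e_ident array

def elf_stub(osabi, payload):
    """Constructed sample file: a 64-bit little-endian ELF ident plus payload."""
    return b"\x7fELF" + bytes([2, 1, 1, osabi]) + b"\x00" * 8 + payload

def brand_check(path, site_osabi):
    """Obscurity scheme: accept any ELF file carrying the site's OSABI byte."""
    ident = pathlib.Path(path).read_bytes()[:16]
    return len(ident) == 16 and ident[:4] == b"\x7fELF" and ident[EI_OSABI] == site_osabi

def digest(path):
    return hashlib.sha256(pathlib.Path(path).read_bytes()).hexdigest()

def seal_manifest(paths, key):
    """Fixed list of approved digests, plus a MAC so the list cannot be edited."""
    body = "\n".join(sorted(digest(p) for p in paths)).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

def allowed(path, body, tag, key):
    """Accept only if the manifest is authentic and lists this file's digest."""
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False
    return digest(path) in body.decode().split("\n")

def demo():
    key, site_osabi = b"constructed-demo-key", 0x42  # constructed values
    with tempfile.TemporaryDirectory() as d:
        good, dropped = pathlib.Path(d, "approved"), pathlib.Path(d, "dropped")
        good.write_bytes(elf_stub(site_osabi, b"built by the admin"))
        dropped.write_bytes(elf_stub(site_osabi, b"uploaded with copied brand"))
        body, tag = seal_manifest([good], key)
        forged = body + b"\n" + digest(dropped).encode()  # list edited, no key
        return {
            "brand_good": brand_check(good, site_osabi),
            "brand_dropped": brand_check(dropped, site_osabi),
            "list_good": allowed(good, body, tag, key),
            "list_dropped": allowed(dropped, body, tag, key),
            "list_forged": allowed(dropped, forged, tag, key),
        }

if __name__ == "__main__":
    print(demo())
```

The brand check accepts both files because the brand is a single copyable byte, while the sealed list accepts only the approved file and rejects a list that was edited without the key.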