Site Navigation

Date:      Fri, 23 Oct 2015 19:20:40 -0400
From:      "Michael B. Eichorn" <ike@michaeleichorn.com>
To:        Karl Young <karly@kipshouse.org>, "O. Hartmann" <ohartman@zedat.fu-berlin.de>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: replace uname -a informational string
Message-ID:  <1445642440.13154.38.camel@michaeleichorn.com>
In-Reply-To: <20151023225524.GJ31202@mailboy.kipshouse.net>
References:  <20151023090805.5484ce9b@freyja.zeit4.iv.bundesimmobilien.de> <1445622325.1169.29.camel@michaeleichorn.com> <20151023225424.49220466.ohartman@zedat.fu-berlin.de> <20151023225524.GJ31202@mailboy.kipshouse.net>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

[-- Attachment #1 --]
On Fri, 2015-10-23 at 15:55 -0700, Karl Young wrote:
> 
> O. Hartmann(ohartman@zedat.fu-berlin.de)@2015.10.23 22:54:24 +0200:
> > Am Fri, 23 Oct 2015 13:45:25 -0400
> > "Michael B. Eichorn" <ike@michaeleichorn.com> schrieb:
> > 
> > 
> > First of all: Thank you very much for your concerns and answers.
> > 
> > > On Fri, 2015-10-23 at 09:08 +0200, O. Hartmann wrote:
> > > > For security purposes, I need to replace the informations given
> > > > by
> > > > "uname -a"
> > > > to hode the kernel build system, name et cetera.  
> > > 
> > > I presume you intendend 'hide' here?
> > > 
> > > If you want to scrub a binaries of _all_ information about the
> > > building
> > > system this is a problem Debian is actively working on called
> > > 'reproducible builds' but is not possible today.
> > > 
> > > https://reproducible.debian.net
> > > 
> > > If you want to hide the hostname, why not just build with a
> > > different
> > > hostname set?
> > 
> > Because it is not only the hostname, uname reveals the target host,
> > date and OS version.
> > 
> > In our case, the image ist built on a dedicated host for a security
> > appliabce based on
> > NanoBSD and I'd like to hide the OS type, the OS name, the build box'
> > name and the build
> > date. 
> 
> Perhaps you could mv or rm /usr/bin/uname and replace it with your own
> script or binary that outputs whatever you want it to.
> 
> -karl

To make that work you would need to do a lot of work to prevent the user
from using a copy of the original uname (or something similar). The
information is actually in the kernel itself, uname is just mechanism to
report it.

And then there are tools like strings...
[-- Attachment #2 --]
0�	*�H��

��0�

10
	`�H
e0�	*�H��


���0�00��
]�0
	*�H��


0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0
150613202446Z
160614003550Z0H10Uike@michaeleichorn.com1%0#	*�H��

	
ike@michaeleichorn.com0�
"0
	*�H��



�
0�

�

�UՀ,���k9�D �%�Z|�Y6J<���r���rK��
�g�;&���|����uN�lUE9�)�V�.[ט�̊�:q�S]�(�#v�SYDz�*���C�p�u���g�Yݔ����,�v��<`�j(���w�����
aS��#�ڒ6�n�(K�5�'K�V�LåE�rv�<J��=�[�}W
�b��LA%g�ޭnV���b�|�����	I��?M7D�:�$�����׃��b���M��_T�[�,��ƃ�\��

���0��0	U00U�0U%0+
+
0U�jj�:	�γ����+39�啖0U#0�Sr풜���
\|~�5N�ԸQ�0!U0�ike@michaeleichorn.com0�
LU �
C0�
?0�
;+

��7
0�
*0.+

"http://www.startssl.com/policy.pdf0��+
0��0' StartCom Certification Authority0

��This certificate was issued according to the Class 1 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.06U/0-0+�)�'�%http://crl.startssl.com/crtu1-crl.crl0��+


��009+
0
�-http://ocsp.startssl.com/sub/class1/client/ca0B+
0�6http://aia.startssl.com/certs/sub.class1.client.ca.crt0#U0�http://www.startssl.com/0
	*�H��


�

x+Ȑ��F}�pw��.�X�vF��?�r�g����
�P�]EO�p��)L˻���y�A�
;h�i0�u2��]�m ���[Sb�p$_�
���g��r���
X��m*�YP��3#���H>�m�KAǠt�)�HO|�=@}�3���ӝ
��'iO81��>��03	v'h�5U�
"H��;��E�CZtp��җ4rWHu�^�6+i*�k��JL8sh��AV�|5��;?HM�����c\�	�j[��j���|�+0�00��
]�0
	*�H��


0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0
150613202446Z
160614003550Z0H10Uike@michaeleichorn.com1%0#	*�H��

	
ike@michaeleichorn.com0�
"0
	*�H��



�
0�

�

�UՀ,���k9�D �%�Z|�Y6J<���r���rK��
�g�;&���|����uN�lUE9�)�V�.[ט�̊�:q�S]�(�#v�SYDz�*���C�p�u���g�Yݔ����,�v��<`�j(���w�����
aS��#�ڒ6�n�(K�5�'K�V�LåE�rv�<J��=�[�}W
�b��LA%g�ޭnV���b�|�����	I��?M7D�:�$�����׃��b���M��_T�[�,��ƃ�\��

���0��0	U00U�0U%0+
+
0U�jj�:	�γ����+39�啖0U#0�Sr풜���
\|~�5N�ԸQ�0!U0�ike@michaeleichorn.com0�
LU �
C0�
?0�
;+

��7
0�
*0.+

"http://www.startssl.com/policy.pdf0��+
0��0' StartCom Certification Authority0

��This certificate was issued according to the Class 1 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.06U/0-0+�)�'�%http://crl.startssl.com/crtu1-crl.crl0��+


��009+
0
�-http://ocsp.startssl.com/sub/class1/client/ca0B+
0�6http://aia.startssl.com/certs/sub.class1.client.ca.crt0#U0�http://www.startssl.com/0
	*�H��


�

x+Ȑ��F}�pw��.�X�vF��?�r�g����
�P�]EO�p��)L˻���y�A�
;h�i0�u2��]�m ���[Sb�p$_�
���g��r���
X��m*�YP��3#���H>�m�KAǠt�)�HO|�=@}�3���ӝ
��'iO81��>��03	v'h�5U�
"H��;��E�CZtp��җ4rWHu�^�6+i*�k��JL8sh��AV�|5��;?HM�����c\�	�j[��j���|�+0�40��

0
	*�H��


0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0
071024210155Z
171024210155Z0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0�
"0
	*�H��



�
0�

�

�	���-��)�.����2����A�UG��o��#G�
�B|N�D�����Rp�M-��B��=o���-�we�5��J�Qpa>O��.�#������.���_�<���V��
[~�*��*�p�z��~�3�W�G�.ᘟ����Ml�r[�<C�e�6���f����q������O���"��u��xf�WN�#�u����i���c�gk��v$����Lb�%�������y��`�����_�{`���xK'G�N��

��
�0�
�0U

�0

�0U

�
0USr풜���
\|~�5N�ԸQ�0U#0�N��@[�i�0�4hC�A��0f+


Z0X0'+
0
�http://ocsp.startssl.com/ca0-+
0�!http://www.startssl.com/sfsca.crt0[UT0R0'�%�#�!http://www.startssl.com/sfsca.crl0'�%�#�!http://crl.startssl.com/sfsca.crl0��U y0w0u+

��7

0f0.+

"http://www.startssl.com/policy.pdf04+

(http://www.startssl.com/intermediate.pdf0
	*�H��


�

�}x�,\�c�^��#wM�q�}��>UK/��^y��X֏y	����f�rMIŲ�B6�1ymQ󸟆�ҨݬZ���0���&��;�@��#13qۑ��&	��̢����
��o�	6�r��_��;�GO>*I�(	7�4���XS1r3��)!�LJ�y��6Ko����tˆ#
_�w�S�r���
�;�B
A�Dp�(f��s�������䰷6%�����.W0J3�:b�C�<�8t X����1�<��C��n�=�����t==�wS���T������~���\�wkB�f�|1��5���zU��P)��(���I��j��VB��!����OfI=b
��b�\4�-*em��/нSJm�7���N�����[�]'��@ڽ��D9�Kr>���R��7/��|�o���^I@�ټ'��Pa$ z��9�a'L�)��(�
�I��}v��c�H]�۸�D����*�W�}
m�>Q����|�C.�(,�l��Q�1��0��

0��0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]�0
	`�H
e��
�0	*�H��

	1	*�H��


0	*�H��

	1
151023232040Z0O	*�H��

	1B@krZPb��\Pl���H]�p/o�~�!�^��^߯��`��^2���(���W�FY�h9$?�
�܈�0��	+

�71��0��0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]�0��*�H��

	1�����0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]�0
	*�H��



�
#(��EzboU�S���ٔC�M��~ww���_4�-F��H{��J��ʔ����5�ئ�:���&�����q���p`�mIGXN�ȸ����8Bz�E"�_�p�
CLa"J}��t�hLcP�ή!�E����V� TF��-�
^A��a�n�d���>`}B�5�#u��%�q)��:vSm>�S0
��oV�V����7�qu��9
�@�i�OW�%ٱ�O�ՆU(������=(�G�ql�lHA

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1445642440.13154.38.camel>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact