Date:      Fri, 23 Oct 2015 23:56:12 -0400
From:      "Michael B. Eichorn" <ike@michaeleichorn.com>
To:        Erich Dollansky <erichsfreebsdlist@alogt.com>, "O. Hartmann" <ohartman@zedat.fu-berlin.de>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: replace uname -a informational string
Message-ID:  <1445658972.13154.44.camel@michaeleichorn.com>
In-Reply-To: <20151024080936.0ff26783@X220.alogt.com>
References:  <20151023090805.5484ce9b@freyja.zeit4.iv.bundesimmobilien.de> <1445622325.1169.29.camel@michaeleichorn.com> <20151023225424.49220466.ohartman@zedat.fu-berlin.de> <20151024080936.0ff26783@X220.alogt.com>

On Sat, 2015-10-24 at 08:09 +0800, Erich Dollansky wrote:
> Hi,
> 
> On Fri, 23 Oct 2015 22:54:24 +0200
> "O. Hartmann" <ohartman@zedat.fu-berlin.de> wrote:
> 
> > On Fri, 23 Oct 2015 13:45:25 -0400
> > "Michael B. Eichorn" <ike@michaeleichorn.com> wrote:
> > 
> > 
> > First of all: Thank you very much for your concerns and answers.
> > 
> > > On Fri, 2015-10-23 at 09:08 +0200, O. Hartmann wrote:
> > > > For security purposes, I need to replace the information given
> > > > by
> > > > "uname -a"
> > > > to hode the kernel build system, name et cetera.  
> > > 
> > > I presume you intended 'hide' here?
> > > 
> > > If you want to scrub a binary of _all_ information about the
> > > building system this is a problem Debian is actively working on
> > > called 'reproducible builds' but is not possible today.
> > > 
> > > https://reproducible.debian.net
> > > 
> > > If you want to hide the hostname, why not just build with a
> > > different hostname set?
> > 
> > Because it is not only the hostname, uname reveals the target host,
> > date and OS version.
> > 
> > In our case, the image is built on a dedicated host for a security
> > appliance based on NanoBSD and I'd like to hide the OS type, the OS
> > name, the build box' name and the build date. 
> > 
> Why not replace uname at the source level then?
> 
> Erich

That wouldn't hide the information in any substantial way. Uname is
basically an abstraction of a subset of sysctls. As such, the information
is integral to the kernel itself. Uname is just one of many tools that
can be used to display this information.

Fundamentally, the kernel itself needs to be changed, not uname.
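
The relationship described above can be checked on a FreeBSD host. The following is an added example, not part of the original message: it lists the sysctl OIDs behind each `uname` field and splits the build date, user, host and object directory out of a `kern.version` string. The sample string and the `buildbox.example.org` host name are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed kern.version value in the stock FreeBSD layout:
# a banner line, then an indented "user@host:objdir" line.
SAMPLE_VERSION='FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12 15:26:37 UTC 2015
    root@buildbox.example.org:/usr/obj/usr/src/sys/GENERIC'

# uname(1) flag -> sysctl OID that supplies the value on FreeBSD.
uname_oids() {
    cat <<'EOF'
-s kern.ostype
-n kern.hostname
-r kern.osrelease
-v kern.version
-m hw.machine
EOF
}

# Print field=value lines for the build details embedded in a
# kern.version string passed as $1.
parse_kern_version() {
    printf '%s\n' "$1" | awk '
        NR == 1 {
            i = index($0, ": ")
            if (i) print "build_date=" substr($0, i + 2)
        }
        NR == 2 {
            sub(/^[ \t]+/, "")
            at = index($0, "@"); colon = index($0, ":")
            if (at && colon > at) {
                print "build_user=" substr($0, 1, at - 1)
                print "build_host=" substr($0, at + 1, colon - at - 1)
                print "build_dir=" substr($0, colon + 1)
            }
        }'
}

# Show every value straight from the kernel, without calling uname at all.
uname_oids | while read -r flag oid; do
    val=$(sysctl -n "$oid" 2>/dev/null) || val='(OID not present on this host)'
    printf 'uname %s <- %s = %s\n' "$flag" "$oid" "$val"
done

# Fall back to the constructed sample when not running on FreeBSD.
version=$(sysctl -n kern.version 2>/dev/null) || version=$SAMPLE_VERSION
parse_kern_version "$version"
```

Run against a NanoBSD image, any `build_host` or `build_dir` value that still names the build box shows the string is compiled into the kernel, independent of the `uname` binary.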
