From: "John S. Dyson"
Subject: Re: Q: system specific binaries
To: rob@xs1.simplex.nl (Rob Simons)
Date: Fri, 15 Nov 1996 10:43:10 -0500 (EST)
Cc: hackers@freebsd.org

> Hi,
>
> Does anyone have any experience with customising FreeBSD so that only
> binaries which are compiled on a system itself will actually run on
> that system?
> So the local compiler has to give a key to each binary when it's
> compiled, and when executed there'd be a check for that key. ?
> That way only people who have access to the compiler may generate
> binaries, and no 'foreign' binaries will be executed by the system.
>
> If this is too easy to break, is there perhaps a way to specify
> from which directories binaries may be executed?
>

Perhaps, formulate a system whereby the flags bits on a file are
used in some way... Note that I am not talking about the "protection"
bits, but there is another group of interesting things called flags
bits that can be placed only under the control of the kernel.

Just a thought. (Perhaps an "annoint" command???)

John