From owner-freebsd-questions  Fri Nov 15 05:31:06 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id FAA12450
          for questions-outgoing; Fri, 15 Nov 1996 05:31:06 -0800 (PST)
Received: from xs1.simplex.nl (xs1.simplex.NL [193.78.46.10])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id FAA12445
          for <freebsd-questions@freebsd.org>; Fri, 15 Nov 1996 05:31:03 -0800 (PST)
X-Organisation-1:     Simplex Networking Amsterdam     X (Inter)Network
X-Organisation-2: Kruislaan 419-38a 1098 VA  Amsterdam X   Solutions &
X-Organisation-3: tel+31(20)-6932433 fax+31(20)-6685486 X Access Provider
Received: (from rob@localhost) by xs1.simplex.nl (8.7.6/8.7.3-RS) id OAA00724 for freebsd-questions@freebsd.org; Fri, 15 Nov 1996 14:29:19 +0100 (MET)
Date: Fri, 15 Nov 1996 14:29:19 +0100 (MET)
From: Rob Simons <rob@xs1.simplex.nl>
Message-Id: <199611151329.OAA00724@xs1.simplex.nl>
To: freebsd-questions@freebsd.org
Subject: Q: system specific binaries 
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Hi,

Does anyone have any experience with customising FreeBSD so that only
binaries which are compiled on a system itself will actually run on
that system ?
So the local compiler has to give a key to each binary when it's 
compiled, and when executed there'd be a check for that key. ?
That way only people who have access to the compiler may generate 
binaries, and no 'foreign' binaries will be executed by the syetem.

If this is too easy to break, is there perhaps a way to specify
from which directories binaries may be executed ?

- Rob.

/*--------------------------------------------------------------*\
/*   Rob Simons                      |  rob@simplex.nl          *\
/*   ------------  |  -------------  |  --------  |  -------    *\
/*   Novell Netware System Operator  |  UNIX system operator    *\
/*--------------------------------------------------------------*\