From owner-freebsd-questions Fri Nov 15 06:19:29 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id GAA16210 for questions-outgoing; Fri, 15 Nov 1996 06:19:29 -0800 (PST) Received: from friley216.res.iastate.edu (friley216.res.iastate.edu [129.186.78.216]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id GAA16201 for ; Fri, 15 Nov 1996 06:19:18 -0800 (PST) Received: from friley216.res.iastate.edu (loopback [127.0.0.1]) by friley216.res.iastate.edu (8.7.6/8.7.3) with ESMTP id IAA10102; Fri, 15 Nov 1996 08:19:07 -0600 (CST) Message-Id: <199611151419.IAA10102@friley216.res.iastate.edu> X-Mailer: exmh version 1.6.9 8/22/96 To: Rob Simons cc: freebsd-questions@freebsd.org Subject: Re: Q: system specific binaries In-reply-to: Your message of Fri, 15 Nov 1996 14:29:19 +0100. <199611151329.OAA00724@xs1.simplex.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 15 Nov 1996 08:19:07 -0600 From: Chris Csanady Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > >Hi, > >Does anyone have any experience with customising FreeBSD so that only >binaries which are compiled on a system itself will actually run on >that system ? >So the local compiler has to give a key to each binary when it's >compiled, and when executed there'd be a check for that key. ? >That way only people who have access to the compiler may generate >binaries, and no 'foreign' binaries will be executed by the syetem. > >If this is too easy to break, is there perhaps a way to specify >from which directories binaries may be executed ? there is the noexec mount option. man mount Chris Csanady > >- Rob. > >/*--------------------------------------------------------------*\ >/* Rob Simons | rob@simplex.nl *\ >/* ------------ | ------------- | -------- | ------- *\ >/* Novell Netware System Operator | UNIX system operator *\ >/*--------------------------------------------------------------*\