From owner-freebsd-hackers  Sat Aug 22 08:10:43 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA10178
          for freebsd-hackers-outgoing; Sat, 22 Aug 1998 08:10:43 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from mail.camalott.com ([208.203.140.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA10173
          for <hackers@FreeBSD.ORG>; Sat, 22 Aug 1998 08:10:41 -0700 (PDT)
          (envelope-from joelh@gnu.org)
Received: from detlev.UUCP (tex-114.camalott.com [208.229.74.114])
	by mail.camalott.com (8.8.7/8.8.5) with ESMTP id KAA20493;
	Sat, 22 Aug 1998 10:11:34 -0500
Received: (from joelh@localhost)
	by detlev.UUCP (8.9.1/8.9.1) id KAA04791;
	Sat, 22 Aug 1998 10:09:52 -0500 (CDT)
	(envelope-from joelh)
Date: Sat, 22 Aug 1998 10:09:52 -0500 (CDT)
Message-Id: <199808221509.KAA04791@detlev.UUCP>
To: jb@cimlogic.com.au
CC: rabtter@aye.net, hackers@FreeBSD.ORG
In-reply-to: <199808220003.KAA16116@cimlogic.com.au> (message from John
	Birrell on Sat, 22 Aug 1998 10:03:55 +1000 (EST))
Subject: Re: I want to break binary compatibility.
From: Joel Ray Holveck <joelh@gnu.org>
Reply-to: joelh@gnu.org
References:  <199808220003.KAA16116@cimlogic.com.au>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>> What I want to do, if possible is build a uniq system such that
>> binaries from other systems will not run on it and vice versa. Is
>> this possible?
> Since you have all the sources to the kernel, you have control over
> what executable formats the kernel will recognize. Why not try your
> own binary format that differs in a way known only by you? You could
> create a tool that converts an aout or elf executable into your
> proprietary format.

Note that if the crackers get wise to this, then they could analyze
the new format.  Same goes for jmb's idea of scrambling syscalls,
although since rtld is failing rather than exec, it's likely to be
harder to discover the problem (since exec will, unless modified,
report a useful error message; rtld won't since it can't access
write()).

It may also be useful to, for each filesystem FOO, mount FOO
either read-only or noexec.

Best,
joelh

-- 
Joel Ray Holveck - joelh@gnu.org - http://www.wp.com/piquan
   Fourth law of programming:
   Anything that can go wrong wi
sendmail: segmentation violation - core dumped

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message