Date: Sat, 16 Nov 1996 15:27:07 +1030 (CST) From: Michael Smith <msmith@atrad.adelaide.edu.au> To: dyson@FreeBSD.org Cc: rob@xs1.simplex.nl, hackers@FreeBSD.org Subject: Re: Q: system specific binaries Message-ID: <199611160457.PAA10718@genesis.atrad.adelaide.edu.au> In-Reply-To: <199611151543.KAA01199@dyson.iquest.net> from "John S. Dyson" at "Nov 15, 96 10:43:10 am"
next in thread | previous in thread | raw e-mail | index | archive | help
John S. Dyson stands accused of saying: > > > > If this is too easy to break, is there perhaps a way to specify > > from which directories binaries may be executed ? look at /sys/kern/imgact* for starters. Depending on what you're actually worried about, you might want to look at the source for the shells, perl, tcl, remove the debugger (gdb) etc. > Perhaps, formulate a system whereby the flags bits on a file are used > in some way... Note that I am not talking about the "protection" bits, > but there is another group of interesting things called flags bits that > can be placed only under the control of the kernel. Just a thought. > > (Perhaps an "annoint" command???) A "secure" flag, only settable by root and cleared when the file is written to might be vaguely useful. It might give a false sense of confidence though. > John -- ]] Mike Smith, Software Engineer msmith@gsoft.com.au [[ ]] Genesis Software genesis@gsoft.com.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control. (ph) +61-8-8267-3493 [[ ]] Unix hardware collector. "Where are your PEZ?" The Tick [[
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611160457.PAA10718>