Date: Sun, 2 Sep 2007 18:13:19 +0200 From: Max Laier <max@love2party.net> To: freebsd-hackers@freebsd.org Cc: Klaus Schneider <klausps@gmail.com> Subject: Re: Exclusive binary files Message-ID: <200709021813.28332.max@love2party.net> In-Reply-To: <45910cf20709011027o546363e2h4f5646b15e0f84a2@mail.gmail.com> References: <45910cf20709011027o546363e2h4f5646b15e0f84a2@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Saturday 01 September 2007, Klaus Schneider wrote: > Hi. > > Well, anybody know a way to make the FreeBSD run just binaries that I > have compiled? > > For example: > A hacker get a access to a shell into my server, and then it put a > exploit code, but on the machine don't have a compiler, then he tries > to put the compiled exploit... supose that I can't mount the users > partition in "noexec" mode... > > Anybode knows a solution for these? IIRC csjp@ had some code to do this inside the MAC framework. Storing hashes in extended attributes and only allowing execution of signed executables ... http://perforce.freebsd.org/fileLogView.cgi?FSPC=//depot/projects/trustedbsd/mac/sys/security/mac%5fchkexec/mac%5fchkexec.c ... not sure what became of it, though. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBG2uEoXyyEoT62BG0RArzGAJ0e13bedFL4IK+2K6gfdbWn8W7dLACfYm9h J/RGXcALiuZ6xwpnMx3rhe8= =kuqD -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200709021813.28332.max>