
Re: Security. Allow to run only executables with certain hash



Dmytro Spivak <obyavus@gmail.com> writes:

> Please make a system app that will prevent strange executables and
> wrappers from being launched.

This is doable as an LSM for executables.  Pretty sure there's a working
version of this on Android that uses hashes stored with the file and
signed.  (I recall seeing something in LWN about it.)

However, a major challenge is interpreted languages.  Do you allow people
to run /usr/bin/perl or not?  Both answers imply a lot of difficult
problems.  Java, Python, Node, and anything else in that family have the
same issue.  You can otherwise set this up with a Linux distribution with
existing tools and maybe a few additions, but in practice you would have
to bless Perl and Python (at least), and then it's not clear if you're
getting enough security benefit.

-- 
Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>
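
The interpreter problem raised in the message above, as an added example that is not part of the original post: a user-space model (not a real LSM) of an exec-time hash allowlist, run over constructed files. `ExecAllowlist`, `check_exec_strict` and every file name are hypothetical names chosen for illustration.

```python
import hashlib
import pathlib
import tempfile


def sha256_file(path):
    return hashlib.sha256(pathlib.Path(path).read_bytes()).hexdigest()


class ExecAllowlist:
    """User-space model of an exec-time hash check; not a real LSM."""

    def __init__(self, blessed, interpreters):
        self.allowed = {sha256_file(p) for p in blessed}
        self.interpreters = {sha256_file(p) for p in interpreters}

    def check_exec(self, argv):
        # An exec hook sees only the file being executed (argv[0] here).
        return sha256_file(argv[0]) in self.allowed

    def check_exec_strict(self, argv):
        # Hypothetical extension: a blessed interpreter may only be handed
        # allowlisted script files. Other input to it is still never hashed.
        if not self.check_exec(argv):
            return False
        if sha256_file(argv[0]) not in self.interpreters:
            return True
        scripts = [a for a in argv[1:] if pathlib.Path(a).is_file()]
        return all(sha256_file(s) in self.allowed for s in scripts)


def demo():
    # All files below are constructed stand-ins written to a temp directory.
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            path = pathlib.Path(d, name)
            path.write_bytes(data)
            return str(path)
        perl = write("perl", b"\x7fELF stand-in for /usr/bin/perl")
        reviewed = write("backup.pl", b"# reviewed script\n")
        dropped = write("dropped", b"\x7fELF unknown binary")
        unreviewed = write("unreviewed.pl", b"# never reviewed\n")
        policy = ExecAllowlist([perl, reviewed], interpreters=[perl])
        return {
            "unknown binary": policy.check_exec([dropped]),
            "perl + unreviewed script": policy.check_exec([perl, unreviewed]),
            "strict, unreviewed script": policy.check_exec_strict([perl, unreviewed]),
            "strict, reviewed script": policy.check_exec_strict([perl, reviewed]),
        }


if __name__ == "__main__":
    print(demo())
```

The plain check denies the unknown binary but allows the unreviewed script, because the only file it hashes is the blessed interpreter. The stricter variant closes that one case at the cost of having to allowlist every script.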

