Re: Re: Security. Allow to run only executables with certain hash
I think if somebody would need the Python or Perl language, he would have
to rewrite the library to allow only certain files to execute. And
still he has to rewrite the /bin/mv, /bin/cp source code to restrict
actions with that library if they (mv, cp) are allowed by the app to
execute.
-------------------------------------------------------------------------------------------------------
This is doable as an LSM for executables. Pretty sure there's a working
version of this on Android that uses hashes stored with the file and
signed. (I recall seeing something in LWN about it.)
However, a major challenge is interpreted languages. Do you allow people
to run /usr/bin/perl or not? Both answers imply a lot of difficult
problems. Java, Python, Node, and anything else in that family have the
same issue. You can otherwise set this up with a Linux distribution with
existing tools and maybe a few additions, but in practice you would have
to bless Perl and Python (at least), and then it's not clear if you're
getting enough security benefit.
--
Russ Allbery (rra@debian.org)
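
Added example, not part of the original thread and not code from any LSM: a userspace model of the hash-allowlist decision discussed above, showing that an exec-time check on a blessed interpreter measures only the interpreter, not the script it is handed. The file names, contents and the stricter `exec_and_script_allowed` check are constructed assumptions for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def exec_allowed(argv, allowlist):
    # Exec-time check: only argv[0], the file actually exec'd, is hashed.
    return sha256_file(argv[0]) in allowlist

def exec_and_script_allowed(argv, allowlist, interpreter_hashes):
    # Hypothetical stricter check: a blessed interpreter must also be given
    # a script file (argv[1]) whose hash is on the allowlist.
    if not exec_allowed(argv, allowlist):
        return False
    if sha256_file(argv[0]) not in interpreter_hashes:
        return True
    return (len(argv) > 1 and os.path.isfile(argv[1])
            and sha256_file(argv[1]) in allowlist)

def demo():
    with tempfile.TemporaryDirectory() as d:
        def make(name, content):
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(content)
            return path
        # Constructed stand-ins; the bytes are arbitrary, only hashes matter.
        perl = make("perl", b"constructed interpreter image")
        cp = make("cp", b"constructed cp image")
        other = make("other", b"constructed unapproved binary")
        good = make("good.pl", b"print 'approved';\n")
        new = make("new.pl", b"print 'never reviewed';\n")
        allowlist = {sha256_file(p) for p in (perl, cp, good)}
        interpreters = {sha256_file(perl)}
        return {
            "cp": exec_allowed([cp, "a", "b"], allowlist),
            "other": exec_allowed([other], allowlist),
            "perl new.pl (exec only)": exec_allowed([perl, new], allowlist),
            "perl new.pl (script too)": exec_and_script_allowed([perl, new], allowlist, interpreters),
            "perl good.pl (script too)": exec_and_script_allowed([perl, good], allowlist, interpreters),
        }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```

The stricter check only covers a script file named on the command line; it models the idea of making the interpreter path script-aware and is not a complete policy.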