On Fri, Feb 09, 2001 at 10:39:03PM -0700, Wes Peters wrote: > Add a list of executables and their MD5's to the kernel, to be loaded at > boot time via the loader. Modify the kernel loader to refuse to exec > any executable whose MD5 is known but doesn't match. Ditto for shared > libraries and ld.so. There you have it, a system that cannot be > upgraded except in single-user mode. Be sure not to allow any scripting languages to be executed. Getting away without /bin/sh might be tough, you can probably do a lot with builtins if you're creative. Kris
PGP signature- /etc/security: add md5 to suid change notification? Nick Sayer
- Re: /etc/security: add md5 to suid change notification? Greg Black
- Re: /etc/security: add md5 to suid change notificat... Nick Sayer
- Re: /etc/security: add md5 to suid change notif... Kris Kennaway
- Re: /etc/security: add md5 to suid change notif... Greg Black
- Re: /etc/security: add md5 to suid change notif... Wes Peters
- Re: /etc/security: add md5 to suid change n... Kris Kennaway
- Re: /etc/security: add md5 to suid change n... Robert Watson
- Re: /etc/security: add md5 to suid cha... Wes Peters
- Re: /etc/security: add md5 to suid change notification? Kris Kennaway
- Re: /etc/security: add md5 to suid change notification? 207 . 100
- Re: /etc/security: add md5 to suid change notificat... Robert Watson
