Re: Re: Security. Allow to run only executables with certain hash

2020-02-29 Thread Dmytro Spivak
I think If somebody would need python or perl language he would have to rewrite the library to allow only certain files to execute. And still he have to rewrite /bin/mv, /bin/cp source code to restrict actions with that library if they (mv, cp) are allowed by the app to execute.

Re: Security. Allow to run only executables with certain hash

2020-02-28 Thread Russ Allbery
Dmytro Spivak writes: > Please make a system app, that will prevent strange executables and > wrappers to be launched. This is doable as an LSM for executables. Pretty sure there's a working version of this on Android that uses hashes stored with the file and signed. (I recall seeing

Re: Security. Allow to run only executables with certain hash

2020-02-28 Thread Seth Arnold
On Fri, Feb 28, 2020 at 08:22:58PM +0200, Dmytro Spivak wrote: > Please make a system app, that will prevent strange executables and > wrappers to be launched. Hopefully this is helpful to you: https://sourceforge.net/p/linux-ima/wiki/Home/ Thanks signature.asc Description: PGP signature

Re: Re: Security. Allow to run only executables with certain hash

2020-02-28 Thread Dmytro Spivak
Thank you, Steve! It is not for me but for everybody for the common good. I`ve made just an idea, somebody must make the result. For all companies who uses Debian OS and their customers against data (personal, banking) thefts, persecution of oppositions in countries, elections interferenses, for

Re: Security. Allow to run only executables with certain hash

2020-02-28 Thread Steve Kemp
Good luck finding somebody to write this for you. If you're interested in kernel security you might enjoy this module which makes it possible to do most of what you want - but it'll require hacking: https://github.com/skx/linux-security-modules/tree/master/security/can-exec In general what you

Security. Allow to run only executables with certain hash

2020-02-28 Thread Dmytro Spivak
Please make a system app, that will prevent strange executables and wrappers to be launched. For developers: 1. this app must allow an execution only executables with certain hashes and deny execution of files, hashes of which are not prescribed in a control file. 2. the control file (of list

Re: Security. Allow to run only executables with certain hash

2020-02-28 Thread Dmytro Spivak
sorry, delete, please * after 1-hour living password 2020-02-28 20:22 GMT+02:00, Dmytro Spivak : > Please make a system app, that will prevent strange executables and > wrappers to be launched. > > For developers: > > 1. this app must allow an execution only executables with certain > hashes