Attacking Potential of sh-scripts


 
# 8  
Old 03-28-2011
I think the encryption/decryption can be cracked.
But from what I just read (just a quick Google), as a signature algorithm with a secure hash algorithm (e.g. SHA-2) it is still safe.
# 9  
Old 03-28-2011
It's not clear to me which executables are available for use in the shell script. A shell script will need the interpreter or it's inert. Can the script use standard utilities like chmod or sed? Can it invoke subsidiary languages like awk or perl? A language like perl can do almost everything that can be done with an executable.

Must the cracker actually damage anything? Lots of crackers simply want a copy of your data and avoid damaging stuff to avoid detection. But in your scenario, is a cracker like that tolerable?

----edit----
Also what about shared libraries? Are they signed as well?
# 10  
Old 03-29-2011
Quote:
Originally Posted by Perderabo
It's not clear to me which executables are available for use in the shell script. A shell script will need the interpreter or it's inert. Can the script use standard utilities like chmod or sed? Can it invoke subsidiary languages like awk or perl? A language like perl can do almost everything that can be done with an executable.
Well, "standard" programs are available (though not chmod, chroot etc., for security reasons), and I also managed to prevent scripting languages like perl from executing (i.e. only signed code is executed).

Quote:
Must the cracker actually damage anything? Lots of crackers simply want a copy of your data and avoid damaging stuff to avoid detection. But in your scenario, is a cracker like that tolerable?
Didn't really think of that, to be honest, but no, I want it as safe as possible.

Quote:
Also what about shared libraries? Are they signed as well?
Yep.

Maybe a short summary of what I want and what I already managed to do: the final target is a system on which only authorized code can be executed, to get maximum control of what is run on it (may seem weird, but we are not talking about a home PC here). I already managed to prevent any non-signed code from running (both binaries and scripting languages like perl or python). For scripting languages this is done via a kernel hook in the script interpreter loader, so I can not only prevent calls like ./hack.pl but also perl hack.pl. The problem is that with my approach I would actually disable the shell, so logging in isn't possible anymore.

Last edited by disaster; 03-29-2011 at 06:13 AM..
# 11  
Old 03-29-2011
Since I guess most shell languages based on the original Bourne Shell are Turing complete, you can code up anything, given enough time. The simplest case that I can think of is a shell script that connects to an IRC server and acts as a spam bot, or a FTP-over-IRC server.
This User Gave Thanks to pludi For This Post:
# 12  
Old 03-29-2011
Quote:
Originally Posted by disaster
Well, "standard" programs are available (though not chmod, chroot etc., for security reasons)
You could hardly have a UNIX system without chmod. You'd be unable to prevent anyone from reading your files -- or, if the default umask is set in a draconian manner, unable to allow anyone to read your files. The only user able to do so would presumably be root (since only root can change other users' permissions), so you'd need to run things as root all the time to accomplish normal tasks.

I think you need to rethink your security model.
# 13  
Old 03-29-2011
If simply reading files needs to be prevented, you are going to be out of luck with your approach. With bash or ksh a user with no access to any executables can do stuff like:
Code:
function cat { while IFS= read -r l ; do printf '%s\n' "$l" ; done < "$1" ; }   # -r keeps backslashes, IFS= keeps whitespace
function ls { while [ $# -ne 0 ] ; do echo "$1" ; shift ; done ; }            # call as: ls *  (the shell expands the glob)

and browse the system for any readable files. You really need to put users in a chroot jail and ensure that they have no root access to get true security.
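The point in the post above carried a step further, as an added example that is not code from the thread: a complete file browser (cat, ls, find and grep replacements) written in POSIX sh using builtins only. None of the four functions forks an external program, so an allow-list or code-signing policy on executables does nothing against them once the user has an interactive shell. The function names (bcat, bls, bfind, bgrep) and the sample directory tree built by make_fixture are my own constructions for the demonstration; make_fixture is the only place an external command (mkdir) is used, and only to create the sample data.

```shell
#!/bin/sh
# Added example, not code from the thread: a file browser built from shell
# builtins only (POSIX sh). bcat/bls/bfind/bgrep run no external executable, so a
# policy that whitelists or signs binaries does not stop a user who has an
# interactive shell from browsing and reading whatever that user may read.

# cat(1) replacement: redirection and read are builtins. IFS= keeps
# leading/trailing blanks, -r keeps backslashes, the || handles a
# final line that has no trailing newline.
bcat() {
    while IFS= read -r bcat_line || [ -n "$bcat_line" ]; do
        printf '%s\n' "$bcat_line"
    done < "$1"
}

# ls -A replacement: the shell expands the globs itself. Three patterns are
# needed to include dotfiles; a pattern that matches nothing is left as a
# literal string, which the -e / -L test filters out.
bls() (
    for entry in "${1:-.}"/* "${1:-.}"/.[!.]* "${1:-.}"/..?*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        printf '%s\n' "${entry##*/}"
    done
)

# find -type f -readable replacement. The body is a subshell so each
# recursion level has its own $entry; symlinked directories are skipped
# so a link loop cannot recurse forever.
bfind() (
    for entry in "${1:-.}"/* "${1:-.}"/.[!.]* "${1:-.}"/..?*; do
        if [ -d "$entry" ] && [ ! -L "$entry" ]; then
            bfind "$entry"
        elif [ -f "$entry" ] && [ -r "$entry" ]; then
            printf '%s\n' "$entry"
        fi
    done
)

# grep -rF replacement: literal substring match with case, over every
# readable regular file below $2. Prints "path:line" for each hit.
bgrep() {
    bfind "${2:-.}" | while IFS= read -r bgrep_file; do
        while IFS= read -r bgrep_line || [ -n "$bgrep_line" ]; do
            case $bgrep_line in
                *"$1"*) printf '%s:%s\n' "$bgrep_file" "$bgrep_line" ;;
            esac
        done < "$bgrep_file"
    done
}

# Constructed fixture (hypothetical sample data): a small tree with a "secret"
# in a hidden subdirectory. This is the only place an external command is run.
make_fixture() {
    mkdir -p "$1/.hidden" "$1/docs"
    printf 'hello\nworld\n' > "$1/docs/readme.txt"
    printf 'db_password=hunter2' > "$1/.hidden/config"   # no trailing newline
}

# Usage when run directly, e.g.:
#   tmp=$(mktemp -d); make_fixture "$tmp"; bgrep password "$tmp"
```

Everything the shell user may read is reachable this way, and the same builtins plus `>` redirection let the user write wherever they have write permission. Nothing in that path is a separately loadable executable, which is why a chroot jail with a restricted shell, rather than a signature check on binaries, is what the post above recommends.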
# 14  
Old 03-29-2011
Why don't you just publish the ip and a user id and password, so that we can have at it...