Quote:
Originally Posted by Perderabo
It's not clear to me which executables are available for use in the shell script. A shell script will need the interpreter or it's inert. Can the script use standard utilities like chmod or sed? Can it invoke subsidiary languages like awk, or perl? A language like perl can do almost everything that can be done with an executable.
Well, "standard" programs are available (chmod, chroot etc. for security reasons not), and I also managed to prevent scripting languages like perl from executing (i.e. only signed code is executed).
Quote:
Must the cracker actually damage anything? Lots of crackers simply want a copy of your data and avoid damaging stuff to avoid detection. But in your scenario a cracker like that is tolerable?
Didn't really think of that tbh, but no, I want it as safe as possible.
Quote:
Also what about shared libraries? Are they signed as well?
Yep
Maybe a short summary of what I want and what I already managed to do: The final target is a system on which only authorized code can be executed, to get maximum control of what is run on it (may seem weird, but we are not talking about a home PC here). I already managed to prevent any non-signed code from running (both binaries and scripting languages like perl or python). For scripting languages this is done via a kernel hack in the script interpreter loader, so I can prevent not only calls like ./hack.pl but also perl hack.pl. The problem is that with my approach I would actually disable the shell, so logging in isn't possible anymore.