> On Mer, 2003-05-14 at 14:52, Dean McEwan wrote:
> > It would be set up so that files have an internal signature (ELF format might have to be
> > fiddled with). It would verify itself by sending info to the creator of the contents PC OR server
> > asking for verification of itself, files could be limited lease, rented, or automatically expire
> > after some time.
>
> That way around doesnt actually work because I'll simply lie, fake the server or firewall you
Encrypted binary, in a XML wrapper that needs decryption key from owners site.
Uses port 80...
> (in fact any serious business firewalls all outgoing traffic from end users). If you want
> to do it for internal trust and you control the systems (the useful case) you set SELinux
> or RSBAC up so that all applications create files in a "non runnable" class. The only way
> to transition an app is a single user application which does your key checking and other
> processing then transitions the binary to "safe". I guess you also add a general rule that
> writing to a file moves it back into non runnable.
>
> One of the problems with this is interpreters. Its easy to do this with ELF binaries but
> you have to extend it to scripts and that normally means more pain 8)
>
>
>
-- ______________________________________________ http://www.linuxmail.org/ Now with e-mail forwarding for only US$5.95/yrPowered by Outblaze - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/