Subject: Re: verified executable kernel modification committed
To: None <tech-security@netbsd.org>
From: Andrew Brown <atatat@atatdot.net>
List: current-users
Date: 10/31/2002 17:21:52
>>This doesn't stop arbitrary scripts from being run, but at least with
>>the basic POSIX scripting tool, /bin/sh, there's not a whole lot of
>>difference in the functional effects between a script and an iteration
>>of a bunch of commands with carefully controlled parameters, i.e.
>>scripts don't really let you do anything you can't already do by rote,
>>given a certain set of available underlying programs.
>
>With the code that Brett has provided, you can provide interpretters on
>the system which cannot be used in such a way, though.
ah. forgive me if this has been covered already (i lost track of
where i was in the thread and probably missed some stuff), but is this
a "binary only" feature, or can i use this for scripts as well?
for example...
is it possible to "sign" a "script" such that it can be read or
executed by anyone, but not everyone can use the interpreter for
anything, and the script won't work if copied to a different location?
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
werdna@squooshy.com * "information is power -- share the wealth."