Re: Re: Security. Allow to run only executables with certain hash
I think if somebody would need python or perl language he would have to rewrite the library to allow only certain files to execute. And still he has to rewrite /bin/mv, /bin/cp source code to restrict actions with that library if they (mv, cp) are allowed by the app to execute.

---

This is doable as an LSM for executables. Pretty sure there's a working version of this on Android that uses hashes stored with the file and signed. (I recall seeing something in LWN about it.)

However, a major challenge is interpreted languages. Do you allow people to run /usr/bin/perl or not? Both answers imply a lot of difficult problems. Java, Python, Node, and anything else in that family have the same issue.

You can otherwise set this up with a Linux distribution with existing tools and maybe a few additions, but in practice you would have to bless Perl and Python (at least), and then it's not clear if you're getting enough security benefit.

--
Russ Allbery (r...@debian.org)
Re: Re: Security. Allow to run only executables with certain hash
Thank you, Steve!

It is not for me but for everybody for the common good. I've made just an idea, somebody must make the result. For all companies who use Debian OS and their customers against data (personal, banking) thefts, persecution of oppositions in countries, elections interferences, for making the democracy and the humans prosperity.

2020-02-28 20:56 GMT+02:00, Steve Kemp:
> Good luck finding somebody to write this for you. If you're interested in
> kernel security you might enjoy this module which makes it possible to do
> most of what you want - but it'll require hacking:
>
> https://github.com/skx/linux-security-modules/tree/master/security/can-exec
>
> In general what you want is hard, you'll need to compromise (no pun
> intended), or pay a lot of money to get it developed for you.
>
> Steve
>
> On Fri, Feb 28, 2020 at 8:42 PM Dmytro Spivak wrote:
>
>> sorry, delete, please * after 1-hour living
>> password
>>
>> 2020-02-28 20:22 GMT+02:00, Dmytro Spivak :
>> > Please make a system app, that will prevent strange executables and
>> > wrappers to be launched.
>> >
>> > For developers:
>> >
>> > 1. this app must allow an execution only executables with certain
>> > hashes and deny execution of files, hashes of which are not prescribed
>> > in a control file.
>> >
>> > 2. the control file (of list of allowed executables and their hashes)
>> > and a configuration file of the app may be changed by 2 factor
>> > authentication (by sending an email with 8-digits 1-hour living
>> > password* (do not forget a delay of 5 seconds against guessing the
>> > password)) after a first configuration.
>> >
>> > 3. by installation of the app there must be a prompt to enter an email
>> > for 2 factor authentication process, email server settings for ability
>> > to send an email for 2 factor authentication.
>> >
>> > 4. for building a control file the app scans for all executables in
>> > the os, makes their (for example, sha1) hashes and writes full path
>> > and hash of each of them to the control file.
>> >
>> > 5. for stopping or killing the app must be the 2 factor authentication
>> > I suppose, too (or write the source code of /bin/kill binary so that
>> > if it is the app then nothing to do (pretermit action), but the
>> > original `/bin/kill` binary one can copy to a usb flash drive with a
>> > different name (for example, /media/ubuntu/usbflash/flwr) and if one
>> > needs to kill the app then he connects the usb flash and copies that
>> > binary /media/ubuntu/usbflash/flwr to the system and launches against
>> > the app (but for prevent a theft of /media/ubuntu/usbflash/flwr using
>> > for example, sh -c "while:; do sleep 10; inotifywait -rmq -e access
>> > /media/ubuntu/usbflash/ | while read line; do cp $line /path/to/;done;
>> > done" source code of /bin/cp or /bin/mv files can be written so that
>> > they can copy or move /media/ubuntu/usbflash/flwr file only to
>> > special path on the system not to somewhere else)).
Security. Allow to run only executables with certain hash
Please make a system app, that will prevent strange executables and wrappers to be launched.

For developers:

1. this app must allow an execution only executables with certain hashes and deny execution of files, hashes of which are not prescribed in a control file.

2. the control file (of list of allowed executables and their hashes) and a configuration file of the app may be changed by 2 factor authentication (by sending an email with 8-digits 1-hour living password* (do not forget a delay of 5 seconds against guessing the password)) after a first configuration.

3. by installation of the app there must be a prompt to enter an email for 2 factor authentication process, email server settings for ability to send an email for 2 factor authentication.

4. for building a control file the app scans for all executables in the os, makes their (for example, sha1) hashes and writes full path and hash of each of them to the control file.

5. for stopping or killing the app must be the 2 factor authentication I suppose, too (or write the source code of /bin/kill binary so that if it is the app then nothing to do (pretermit action), but the original `/bin/kill` binary one can copy to a usb flash drive with a different name (for example, /media/ubuntu/usbflash/flwr) and if one needs to kill the app then he connects the usb flash and copies that binary /media/ubuntu/usbflash/flwr to the system and launches against the app (but for prevent a theft of /media/ubuntu/usbflash/flwr using for example, sh -c "while:; do sleep 10; inotifywait -rmq -e access /media/ubuntu/usbflash/ | while read line; do cp $line /path/to/;done; done" source code of /bin/cp or /bin/mv files can be written so that they can copy or move /media/ubuntu/usbflash/flwr file only to special path on the system not to somewhere else)).
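
An illustration of items 1 and 4 of the proposal above and of the interpreter problem raised in Russ Allbery's reply, added here and not code from anyone in the thread. It uses SHA-256 rather than the sha1 the post gives as an example; the function names and the temporary sample tree (a stand-in interpreter, a non-executable script, a file dropped after the scan) are constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile

def digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_control_file(root):
    """Item 4: full path -> hash for every regular file with an execute bit."""
    control = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.realpath(os.path.join(dirpath, name))
            mode = os.stat(path).st_mode
            if stat.S_ISREG(mode) and mode & 0o111:
                control[path] = digest(path)
    return control

def check_exec(control, argv):
    """Item 1: the decision sees only the file being executed, argv[0]."""
    path = os.path.realpath(argv[0])
    return "allow" if path in control and control[path] == digest(path) else "deny"

def unlisted_inputs(control, argv):
    """Files handed to an allowed program that the control file never covered."""
    return [a for a in argv[1:]
            if os.path.isfile(a) and os.path.realpath(a) not in control]

def _put(path, data, mode):
    with open(path, "wb") as f:
        f.write(data)
    os.chmod(path, mode)

def demo():
    """Run the checks on a constructed sample tree and return the verdicts."""
    with tempfile.TemporaryDirectory() as root:
        interp, script, dropped = (os.path.join(root, n)
                                   for n in ("interp", "job.pl", "dropped"))
        _put(interp, b"\x7fELF constructed", 0o755)  # stands in for /usr/bin/perl
        _put(script, b"print 1;\n", 0o644)           # no execute bit: never scanned
        control = build_control_file(root)
        _put(dropped, b"\x7fELF unknown", 0o755)     # appears after the scan
        out = {"listed": [os.path.basename(p) for p in control],
               "interp": check_exec(control, [interp, script]),
               "dropped": check_exec(control, [dropped]),
               "unchecked": [os.path.basename(p)
                             for p in unlisted_inputs(control, [interp, script])]}
        _put(interp, b"\x7fELF patched", 0o755)      # modified after the scan
        out["tampered"] = check_exec(control, [interp])
        return out
```

The `unchecked` entry is the gap the reply describes: once the interpreter's hash is blessed, the script it is given runs without ever being compared against the control file.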
Re: Security. Allow to run only executables with certain hash
sorry, delete, please * after 1-hour living password

2020-02-28 20:22 GMT+02:00, Dmytro Spivak :
> Please make a system app, that will prevent strange executables and
> wrappers to be launched.
>
> For developers:
>
> 1. this app must allow an execution only executables with certain
> hashes and deny execution of files, hashes of which are not prescribed
> in a control file.
>
> 2. the control file (of list of allowed executables and their hashes)
> and a configuration file of the app may be changed by 2 factor
> authentication (by sending an email with 8-digits 1-hour living
> password* (do not forget a delay of 5 seconds against guessing the
> password)) after a first configuration.
>
> 3. by installation of the app there must be a prompt to enter an email
> for 2 factor authentication process, email server settings for ability
> to send an email for 2 factor authentication.
>
> 4. for building a control file the app scans for all executables in
> the os, makes their (for example, sha1) hashes and writes full path
> and hash of each of them to the control file.
>
> 5. for stopping or killing the app must be the 2 factor authentication
> I suppose, too (or write the source code of /bin/kill binary so that
> if it is the app then nothing to do (pretermit action), but the
> original `/bin/kill` binary one can copy to a usb flash drive with a
> different name (for example, /media/ubuntu/usbflash/flwr) and if one
> needs to kill the app then he connects the usb flash and copies that
> binary /media/ubuntu/usbflash/flwr to the system and launches against
> the app (but for prevent a theft of /media/ubuntu/usbflash/flwr using
> for example, sh -c "while:; do sleep 10; inotifywait -rmq -e access
> /media/ubuntu/usbflash/ | while read line; do cp $line /path/to/;done;
> done" source code of /bin/cp or /bin/mv files can be written so that
> they can copy or move /media/ubuntu/usbflash/flwr file only to
> special path on the system not to somewhere else)).