Hi.

"Jinu Joy <jinu.vnc@xxxxxxxxx>" wrote:
> I want to write a piece of code (user or kernel space) that will stop
> execution of a particular binary say N. Do not want to tie up the
> executable to any user and do a chown or chmod. Want to prevent the
> execution independent of any user association.

Why not delete the program N? (Sorry. It's a joke.)

Well, this is a very difficult question.
If you introduce mandatory access control like SELinux, you will be able to achieve that.

If you want to write that code for study purposes, modifying do_execve() is OK.
But if it is for security purposes, modifying do_execve() is not enough.

If prog1 is called as prog2 via symlink or hardlink?
(i.e. "ln -s prog1 prog2; ./prog2" or "ln prog1 prog2; ./prog2")
Do you want to modify sys_symlink() and sys_link()?

If prog1 is copied and executed?
(i.e. "cp -p prog1 /tmp/; /tmp/prog1")
Do you want to modify sys_open()?

If prog1 is renamed?
Do you want to modify sys_rename()?

If prog1 is copied via ftp? (Oh, no!)

sys_mount() with the MS_NOEXEC option can prevent execution, but it can't prevent copying.

Using a signature (md5, sha1 etc.) to determine "execute or not" may help, but if the program is modified, it is no longer helpful.

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
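
The cases listed in the message above, as an added example that is not part of the original post: it builds each alias of prog1 in a scratch directory and reports whether a deny rule keyed on path, on (device, inode), or on a SHA-256 digest still recognises it. The file contents, the names `prog2_sym`, `prog2_hard`, `prog3` and `modified`, and the function `identity_checks` are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def identity_checks(workdir):
    """Recreate the message's cases; report which identity check still matches prog1."""
    prog1 = os.path.join(workdir, "prog1")
    with open(prog1, "wb") as f:
        f.write(b"#!/bin/sh\necho constructed sample\n")  # constructed stand-in binary
    st = os.stat(prog1)
    deny = {"path": prog1, "inode": (st.st_dev, st.st_ino), "hash": sha256_of(prog1)}

    def check(p):
        s = os.stat(p)  # follows symlinks, as exec does
        return {"path": p == deny["path"],
                "inode": (s.st_dev, s.st_ino) == deny["inode"],
                "hash": sha256_of(p) == deny["hash"]}

    sym = os.path.join(workdir, "prog2_sym")
    hard = os.path.join(workdir, "prog2_hard")
    os.symlink(prog1, sym)            # ln -s prog1 prog2
    os.link(prog1, hard)              # ln prog1 prog2
    os.mkdir(os.path.join(workdir, "tmp"))
    copy = os.path.join(workdir, "tmp", "prog1")
    shutil.copy2(prog1, copy)         # cp -p prog1 /tmp/
    modified = os.path.join(workdir, "modified")
    shutil.copy2(prog1, modified)
    with open(modified, "ab") as f:
        f.write(b"# changed\n")       # any edit changes the digest

    names = {"original": prog1, "symlink": sym, "hardlink": hard,
             "copy": copy, "modified copy": modified}
    result = {name: check(p) for name, p in names.items()}
    renamed = os.path.join(workdir, "prog3")
    os.rename(prog1, renamed)         # mv prog1 prog3
    result["renamed"] = check(renamed)
    return result


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, row in identity_checks(d).items():
            print(f"{name:14} {row}")
```

No single identifier covers every row, which is why a policy enforced at the object level (a MAC label, as with SELinux) is suggested in the message rather than a name or digest comparison.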