Re: prevent execution of a binary.

On Fri, 2005-04-15 at 18:18 +0900, Tetsuo Handa wrote:
>  Hi.
> 
> "Jinu Joy <jinu.vnc@xxxxxxxxx>" wrote:
> > I want to write a piece of code (user or kernel space) that will stop
> > execution of a particular binary say N. 

Can I ask why exactly you want to stop a specific exe from running?

This is a 'fundamentally' flawed way of preventing user action.  Let me
explain why.  An exe file (exe is referring to a Linux based binary, no
flames please ;) is just a collection of 'instructions' that tell the OS
to do something.  If you prevent that single exe from running, someone
can just come up with another exe that does the same thing.  They can do
this multiple ways:

linking (sym or hard)
copying the file
renaming the file
obtaining source code, changing it, recompiling as a different exe
Completely new program is written to do the same thing.

Ok, so let's assume your code (pseudo code) looks like this:

if (exe->name == "/sbin/ifconfig") return;
else exec(exe);

You will only prevent the running of the original exe with the original
name.  ANY of the methods listed above will bypass this security
measure.

Now, let's assume you've made this change in several places (the kernel
code that opens, links, and moves/renames files).  And you ALSO base your
comparison on an MD5 or something similar.  Now you've managed to cover
the top THREE, but you've missed the bottom two.  (Also note, the same
exe can have different MD5s if compiled with even a single different
compiler option/flag)

How can we cover the bottom two?  We cannot.  Reason being, you would
have to know about every single possible exe that any compile could ever
produce....

My suggestion:  Instead of trying to stop a particular exe from
executing, think about what your real end goal is.  Try to find a better
way to achieve that end goal.

I hope this information is helpful.  If you wish to share your original
goal, maybe someone can help you come up with a better way of achieving
it :)

-- 
Jason J. Herne <hernejj@xxxxxxxxxxxx>
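A small Python demonstration of the argument in the reply above (added here; it is not code from the original thread or from the Linux kernel). It builds constructed stand-in "binaries" in a temporary directory and reports which of the listed evasions a name check and a content-hash check each catch; the paths and file contents are constructed, no real binary is involved, and renaming behaves like the copy case.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def denied_by_name(exe_path: str, blocked_path: str) -> bool:
    """The pseudo-code from the post: compare the caller-supplied path to one fixed name."""
    return exe_path == blocked_path


def sha256_of(path: Path) -> str:
    """Digest of the bytes that would actually be loaded (read_bytes follows symlinks)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def denied_by_hash(exe_path: Path, blocked_digest: str) -> bool:
    """The post's second idea: compare the file's content hash instead of its name."""
    return sha256_of(exe_path) == blocked_digest


def run_scenarios() -> dict:
    """Build constructed stand-in 'binaries' in a temp dir and report, per evasion,
    the pair (blocked_by_name, blocked_by_hash)."""
    with tempfile.TemporaryDirectory() as tmp:
        sbin = Path(tmp) / "sbin"
        sbin.mkdir()
        original = sbin / "ifconfig"                 # constructed stand-in, not a real binary
        original.write_bytes(b"#!/bin/sh\necho constructed original\n")
        blocked_path = str(original)
        blocked_digest = sha256_of(original)

        copy = sbin / "ifconfig.copy"
        shutil.copy2(original, copy)                 # copying (or renaming) the file
        hardlink = sbin / "ifcfg"
        os.link(original, hardlink)                  # hard link
        symlink = sbin / "netcfg"
        os.symlink(original, symlink)                # symbolic link
        recompiled = sbin / "ifconfig2"              # same behaviour, different bytes
        recompiled.write_bytes(b"#!/bin/sh\n# rebuilt with another flag\necho constructed original\n")

        candidates = {"original": original, "copy": copy, "hardlink": hardlink,
                      "symlink": symlink, "recompiled": recompiled}
        return {label: (denied_by_name(str(p), blocked_path), denied_by_hash(p, blocked_digest))
                for label, p in candidates.items()}


if __name__ == "__main__":
    for label, (by_name, by_hash) in run_scenarios().items():
        print(f"{label:<10} blocked by name: {by_name!s:<5} blocked by hash: {by_hash}")
```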


--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/

