Re: Can't update running process binary in Solaris?



On 6 Jul, 14:36, Eric Sosman <esos...@xxxxxxxxxxxxxxxxxxxx> wrote:
> However, here's an easy way to defeat an enforcement scheme
> that relies on modifying the executable file: Make a backup
> copy, and restore from backup whenever the executable stops
> working. Or make the file owned by user1 with 755 permissions,
> and run the program as user2. Or burn the file to a CD or
> other WORM medium and run it from there. Or ...

You could say the same for any system that has to have an offline data
store. As for running as a different user, you can force the program
to run under a given user simply by refusing to run if it's not got
that uid, and also refuse if it doesn't have read/write access to the
binary (or wherever it needs to write to).

> You may also run afoul of a feature of present-day Solaris:
> it can verify the digitally-signed checksum of an executable file
> or library before permitting it to run. The verification is

Now that would be an issue, though it perhaps wouldn't be impossible to
replace one tag with another that produces the same checksum, just
bloody hard.

B2003
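
The startup check described in the reply above (refuse to run under the wrong uid, or without read/write access to the binary), written out as an added example that is not code from the thread. `check_run_policy`, its result codes and the command-line arguments are hypothetical names, and the binary's path is assumed to be passed in rather than discovered.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum policy_result { POLICY_OK, POLICY_WRONG_UID, POLICY_NO_FILE, POLICY_NO_RW };

/* Refuse unless the process runs as required_uid (real and effective)
 * and that user can read and write the regular file at binary_path. */
enum policy_result check_run_policy(uid_t required_uid, const char *binary_path)
{
    struct stat st;

    if (getuid() != required_uid || geteuid() != required_uid)
        return POLICY_WRONG_UID;
    if (stat(binary_path, &st) != 0 || !S_ISREG(st.st_mode))
        return POLICY_NO_FILE;
    /* access() tests the real uid, which equals the effective uid here. */
    if (access(binary_path, R_OK | W_OK) != 0)
        return POLICY_NO_RW;
    return POLICY_OK;
}

int main(int argc, char **argv)
{
    static const char *const why[] = {
        "ok", "wrong uid", "binary not found", "binary not readable and writable"
    };
    if (argc != 3) {
        fprintf(stderr, "usage: %s <required-uid> <path-to-binary>\n", argv[0]);
        return 2;
    }
    enum policy_result r = check_run_policy((uid_t)strtoul(argv[1], NULL, 10), argv[2]);
    if (r != POLICY_OK) {
        fprintf(stderr, "refusing to run: %s\n", why[r]);
        return 1;
    }
    puts("policy check passed");
    return 0;
}
```

The check runs inside the program it guards, so it is advisory: it constrains only an unmodified binary.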


