Subject: Re: what's in a name? fingerprinted exec
To: Justin Wojdacki <email@example.com>
From: Brett Lymn <firstname.lastname@example.org>
Date: 10/15/2002 20:53:10
On Mon, Oct 14, 2002 at 10:43:28AM -0700, Justin Wojdacki wrote:
> What is the procedure for adding a fingerprint to the system?
I take it you mean where do the fingerprints that get stuffed into the
kernel via the pseudo-device come from... I have a couple of scripts
that trawl the machine looking for executables and .so files, for each
one of these files md5 or sha1 (depending on the script) is run and
the results formatted up into a config file line for the fingerprint
loader. The idea being you can generate the fingerprints yourself and
then hack the (too big) list of fingerprints for the things you want
> How does the system know that a text file is a shell script? This is
> possibly answered by the previous, but I'm thinking of the case where
> the script doesn't have #!/bin/sh or #!/usr/bin/perl or whatever in
> it's first line.
That is a good question - I know that if you run a shell script like
that then the currently running shell is used as the interpreter.
What I have done simply adds another check to the check_exec function
which is the kernel function that decides whether or not something is
allowed to run so I think that case is covered. I shall check that
this is so.