Subject: Re: verified executable kernel modification committed
To: None <>
From: Andrew Brown <>
List: tech-security
Date: 10/31/2002 17:21:52

>>This doesn't stop arbitrary scripts from being run, but at least with
>>the basic POSIX scripting tool, /bin/sh, there's not a whole lot of
>>difference in the functional effects between a script and an iteration
>>of a bunch of commands with carefully controlled parameters, i.e.
>>scripts don't really let you do anything you can't already do by rote,
>>given a certain set of available underlying programs.
>With the code that Brett has provided, you can provide interpreters on
>the system which cannot be used in such a way, though.

ah.  forgive me if this has been covered already (i lost track of
where i was in the thread and probably missed some stuff), but is this
a "binary only" feature, or can i use this for scripts as well?

for example...

is it possible to "sign" a "script" such that it can be read or
executed by anyone, but not everyone can use the interpreter for
anything, and the script won't work if copied to a different location?

|-----< "CODE WARRIOR" >-----|
(Andrew Brown)
* "ah!  i see you have the internet that goes *ping*!"
* "information is power -- share the wealth."