Whitelisting programs without relying on execute permissions
I'm setting up a coin-op terminal in a bar to run some games. The way I've been doing it is to install command-line Ubuntu, then a bare-minimum X install. The machine auto logs on using mingetty, then runs X with my game executable.
Recent events require me to implement some kind of program whitelist, so that it's impossible for the normal user to run any programs other than those required for logon and the games.
The obvious thing to do is to remove execute permissions for everything for normal users. However, the list of programs that the games DO require includes mount (for updates and dumping stats and accounting info to a USB stick), meaning that any program could be run from an attacker's USB stick.
One possible method I thought of to prevent arbitrary mount use would be to use a copy of the mount source code in my own program, but I think that might cause GPL issues.
So, is there any method I can use to prevent program execution without relying on the execute permissions? Ideally I'd like some method using a checksum to prevent an attacker renaming their program to the same name as one of mine.
Simplest is to put it in a lockbox, so only the screen & controls are reachable.
Any time you leave a port physically exposed, you're asking for trouble, especially if they can reach the power button/plug.
> Simplest is to put it in a lockbox, so only the screen & controls are reachable.
> Any time you leave a port physically exposed, you're asking for trouble, especially if they can reach the power button/plug.
I agree 100%, but unfortunately I can't do that. The inside of the machine has to be accessible for emptying the cashbox, and I need to be able to ask anyone with a key to the machine to do an update or data dump via USB (they would DL the update from my FTP server, put it on a stick and then apply it themselves).
This hasn't been a problem so far, but if I want to get bigger and start putting more machines out, then because it's a coin-op I have to follow certain rules, and this is one of them. Believe me, I've already had the "This is pointless, I could get round it by doing XXX" conversation with the authorities.
In additional horrible news, I've just discovered that the driver functions provided by the hardware manufacturer (for the controls) require any program using them to be launched with root access, so I can't even feasibly use the remove-execute-permissions method.
EDIT: Managed to get around this last issue by using /etc/rc.local, so not an immediate problem.
> The obvious thing to do is to remove execute permissions for everything for normal users. However, the list of programs that the games DO require includes mount (for updates and dumping stats and accounting info to a USB stick) meaning that any program could be run from an attacker's USB stick.
You could remove execute permissions for everything and then whitelist just the programs you want using sudo. It also has some options for checksums, I think.
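Along the lines of the checksum-based whitelist the original poster asked for and the sudo digest option mentioned in the reply above, here is an added example (not code from the thread or from any of its posters): a small POSIX sh launcher that keeps a sha256 allowlist of the few binaries the terminal may run and refuses to exec anything whose current hash does not match. The allowlist path and the function names are my own assumptions.

```shell
#!/bin/sh
# Constructed example: checksum-enforced launcher for a locked-down terminal.
# The allowlist file holds "sha256  /absolute/path" lines (sha256sum format).
# ALLOWLIST is an assumed location; override it in the environment if needed.
ALLOWLIST="${ALLOWLIST:-/etc/game-allowlist.sha256}"

# Build the allowlist from the currently installed, trusted binaries.
# Run once as root after each update. Arguments: absolute paths to allow.
build_allowlist() {
    : > "$ALLOWLIST"
    for p in "$@"; do
        # "--" stops a path beginning with "-" from being parsed as an option
        sha256sum -- "$p" >> "$ALLOWLIST" || return 1
    done
    chmod 0644 "$ALLOWLIST"
}

# Return 0 only if $1 is an absolute path present in the allowlist AND its
# current contents hash to the recorded digest. Renaming a foreign binary to
# a listed name does not help: its digest will not match the recorded one.
verify_program() {
    prog=$1
    case $prog in /*) ;; *) return 1 ;; esac
    expected=$(awk -v p="$prog" '$2 == p { print $1; exit }' "$ALLOWLIST")
    [ -n "$expected" ] || return 1
    actual=$(sha256sum -- "$prog" | awk '{ print $1 }') || return 1
    [ "$actual" = "$expected" ]
}

# Launch $1 with the remaining arguments, but only after it verifies.
# Usage (from the session startup script): run_whitelisted /usr/bin/mount ...
run_whitelisted() {
    verify_program "$1" || { echo "refused: $1" >&2; return 126; }
    exec "$@"
}
```

sudo's own form of this is the digest prefix in sudoers (for example `game ALL = sha256:<hex digest> /bin/mount`), which makes sudo hash the binary before it runs it. Either way there is a gap between hashing and exec in which a file could be swapped, so the whitelisted binaries should live on a filesystem the terminal user cannot write to, and the USB stick should be mounted noexec,nosuid so that nothing on it is directly executable regardless of the whitelist.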