protect the start of an application using password
ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I thought about this before. Encryption is the next thing that comes to mind after users/groups. Plus, even with users and groups the device could be mounted on another system and the binary copied. I'd do this:
1) create a small random file (maybe 3x the size of the binary itself)
2) loop the file using kernel encryption
3) create a file system on the loop
4) mount the loop and place your binary on the file system
5) unmount and unloop
In the script, all you have to do is loop/mount the encrypted file system image and execute the binary from it. If you need more specific help, let me know. Do you have kernel 2.6?
ta0kira
I believe a script in this case would be next to useless, as it relies on obfuscating the true location of the executable so that the script is called instead and a password must be given. If anyone was able to examine the script they could learn the location of the true executable, or even if they knew the executable's filesize they might be able to find it.
I believe a script in this case would be next to useless, as it relies on obfuscating the true location of the executable so that the script is called instead and a password must be given. If anyone was able to examine the script they could learn the location of the true executable, or even if they knew the executable's filesize they might be able to find it.
That's why I suggested encryption. The script can make the losetup, dmcrypt, and mount calls while leaving the password up to the user. Anyone would be able to find the image, but no one would have the encryption password except the correct user, making it useless to anyone else.
ta0kira
For such script to be useful you need to restrict the access to the executable you want to protect so only the script can execute it, but not a regular user. You can store a hash of the password not the password itself (for example md5 hash), then the script should require the user to enter the password, compute its hash value and compare it with the one already stored, if they match the script should execute the protected executable. The stored hash value also must be accessible only from the script.
Usually the easiest way to restrict the access to the protected executable is to set apropriate ownership/permissions, but then instead of using your own script you can use sudo. See its man page.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
