Whitelisting programs without relying on execute permissions

I'm setting up a coin-op terminal in a bar to run some games. The way I've been doing it is to install command-line Ubuntu, then a bare-minimum X install. The machine auto logs on using mingetty, then runs X with my game executable.

Recent events require me to implement some kind of program whitelist, so that it's impossible for the normal user to run any other programs other than those required for logon and the games.

The obvious thing to do is to remove execute permissions for everything for normal users. However, the list of programs that the games DO require includes mount (for updates and dumping stats and accounting info to a USB stick) meaning that any program could be run from an attacker's USB stick.

One possible method I thought of to prevent arbitrary mount use would be to use a copy of the mount source code in my own program, but I think that might cause GPL issues.

So, is there any method I can use to prevent program execution without relying on the execute permissions? Ideally I'd like some method using a checksum to prevent an attacker renaming their program to the same name as one of mine.

Simplest is to put it in a lockbox, so only the screen & controls are reachable.
Any time you leave a port physically exposed, you're asking for trouble, especially if they can reach the power button/plug.

Quote:

Originally Posted by chrism01 Simplest is to put it in a lockbox, so only the screen & controls are reachable. Any time you leave a port physically exposed, you're asking for trouble, especially if they can reach the power button/plug.

I agree 100%, but unfortunately I can't do that. The inside of the machine has to be accessible for emptying the cashbox, and I need to be able to ask anyone with a key to the machine to do an update or data dump via USB (they would DL the update from my FTP server, put it on a stick and then apply it themselves).

This hasn't been a problem so far, but if I want to get bigger and start putting more machines out, then because it's a coin-op I have to follow certain rules, and this is one of them. Believe me, I've already had the "This is pointless, I could get round it by doing XXX" conversation with the authorities.

In additional horrible news, I've just discovered that the driver functions provided by the hardware manufacturer (for the controls) require any program using them to be launched with root access, so I can't even feasibly use the remove-execute-permissions method.
EDIT: Managed to get around this last issue by using /etc/rc.local, so not an immediate problem.

Quote:

The obvious thing to do is to remove execute permissions for everything for normal users. However, the list of programs that the games DO require includes mount (for updates and dumping stats and accounting info to a USB stick) meaning that any program could be run from an attacker's USB stick.

You could remove execute permissions for everything and then whitelist just the programs you want using sudo. It also has some options for checksums, I think.