4.9.20: Run only signed application

Hello,

My embedded PC is running vanilla 4.9.20(x64) + busybox.
I have a new requirement:
Linux can run only busybox utilities (e.g ls) and only specific applications signed offline by me.

Is it possible ?
If yes - What part in kernel is responsible for running applications ?
My idea is to add a little code that can decide which application to run.

Thank you,
Zvika

Quote:

Originally Posted by zvivered Hello, My embedded PC is running vanilla 4.9.20(x64) + busybox. I have a new requirement: Linux can run only busybox utilities (e.g ls) and only specific applications signed offline by me. Is it possible ? If yes - What part in kernel is responsible for running applications ? My idea is to add a little code that can decide which application to run.

Great...so why don't you implement your idea, then??? As a kernel developer for *FIFTEEN YEARS* now, you should be very familiar with all of this, and the concept of "user space".

Especially since you've asked about user space, signed applications, launching applications in different sessions, etc., etc. What have you actually DONE and TRIED to make your idea work??? Can do things like this with basic user permissions, sudo, etc., not to mention simply writing your own shell interpreter. At what point are you going to be able to apply anything you've been told in the past?

Hi TBOne,

I did not implement my idea because I do not know how.
This is the reason I asked the question.

I developed few kernel modules - so what ?
It does not mean that I'm Linus Torvalds.

The part in kernel responsible for running applications is the process manager.
Does it make sense to add code to this manager ?

Thank you,
Zvika

Quote:

Originally Posted by zvivered Hi TBOne, I did not implement my idea because I do not know how. This is the reason I asked the question. I developed few kernel modules - so what ? It does not mean that I'm Linus Torvalds. The part in kernel responsible for running applications is the process manager. Does it make sense to add code to this manager ?

So you developed kernel modules...but aren't sure if adding code to that module is the right thing to do??? Why don't you *TRY IT AND FIND OUT*??? Again, you were given suggestions...did you read/understand/try them???

After fifteen years being a developer, do you seriously have NO IDEAS AT ALL on how to write code to do what you want??? You AGAIN don't describe fully what you need/want, but if this is your job and your 'requirement', and you have a 'team' working on custom hardware, you should easily know your full environment, what you have to work with, and be able to discuss things with your 'team' to come up with ideas. Have you done that???

Hi TBOne,

The signed application should run automatically upon boot completion.
Currently it runs from /etc/init.d/rcS (not signed)

So I'm not sure writing my own shell interpreter will help.

Thank you,
Zvika

Quote:

Originally Posted by zvivered Hi TBOne, The signed application should run automatically upon boot completion. Currently it runs from /etc/init.d/rcS (not signed) So I'm not sure writing my own shell interpreter will help.

AGAIN, as you've been told MANY times before, providing actual details would help. Your initial question was allowing only signed applications, which sounds like you want USERS to run it, doesn't it???

If this application is only ever going to be run by the system at boot, then you should have MANY ideas on how to check its validity. Especially after fifteen years working with low-level code, right??? Since you *AGAIN* tell us nothing about the system, what it is/does, what this mystery application is, language it's written in, etc., why do you expect us to continue to play guessing games???

YOU are the developer; YOU wrote the code; YOU know what you want it to do, and YOU won't tell us anything about this system, despite us asking for YEARS now. You and your 'team' should be able to figure something out.

Hi TBOne,

The executable is a C++ application.
I know how to check the validity of the signed binary file (compiled by Intel compiler)

But I want that the system can run only this application.
If an attacker copies another application into the system's disk that was not created by me, it will not run.

Thank you,
Zvika

Quote:

Originally Posted by zvivered Hi TBOne, The executable is a C++ application. I know how to check the validity of the signed binary file (compiled by Intel compiler) But I want that the system can run only this application. If an attacker copies another application into the system's disk that was not created by me, it will not run.

AGAIN:

• You know how to check the validity of the application
• It only runs at boot time via the system boot process
• You *STILL* don't answer ANY questions about this mystery system, what it does, etc. despite being asked MANY times.

Why do you still expect people to guess, and give you suggestions on how to do your job that you've been doing for FIFTEEN YEARS??? Do you not work with your 'team' on this??? Why can't you modify your code to perform a validity check before running??? Why can't you modify the OS to not boot if that program has been changed?? After all, you have a custom kernel on custom hardware, right??? And you wrote ALL of that...should be trivial for you to do.

What are you expecting people here to tell you when we have no information about your system, hardware, software, OS, etc. All of it is custom and you refuse to answer questions about it. This needs to be figured out by you and your team...there is NOTHING anyone can tell you, since you won't answer questions or pay attention to what you're being told.

::EDIT:: Since you've apparently carpet-bombed other forums with this same question, why don't you take those other similar answers as well???

Yes, I just don't understand.
As far as I see they should run after the boot is completed, automatically.
And who has access to that computer? You can simply deny to log in to anyone, except you, and in that case nobody will use that host.

Quote:

Originally Posted by pan64 Yes, I just don't understand. As far as I see they should run after the boot is completed, automatically. And who has access to that computer? You can simply deny to log in to anyone, except you, and in that case nobody will use that host.

Yep, exactly the things I was wondering too. OP has a history of this, and (to my knowledge) has NEVER said what kind of hardware this is, but only hints at some things. Hard to know why someone who built custom FPGA hardware, wrote kernel modules, and built their own kernel for this custom hardware has no ideas.

pan64 - Thank you for your reply.
TBOne - The CPU in the PC is Intel's Pentium M. Legacy BIOS.

Using iptables, I plan to block all IP protocols (e.g ping, ssh, telnet)
But this can be hacked by attacker. Am I wrong ?

Thank you,
Zvika

I just don't understand you. What is it all about? You need to switch off all the ports/protocols you don't use. But you can't block if they are really in use. Anyway. without knowing some useful details hard to say anything.

Quote:

Originally Posted by zvivered pan64 - Thank you for your reply. TBOne - The CPU in the PC is Intel's Pentium M. Legacy BIOS.

Which, *STILL* (after being told many, MANY times) is near meaningless. The hardware isn't just the CPU, is it???

Quote:

Using iptables, I plan to block all IP protocols (e.g ping, ssh, telnet) But this can be hacked by attacker. Am I wrong ?

Again, after fifteen years why don't you know the answer to this??? And what does iptables have to do with a signed application that runs at boot time??? Pan64 asked what access people had to the machine, but you (AGAIN) don't bother answering.

If someone can get to the console at power-on, they can do whatever they want, including booting it from a USB stick, and mounting the hard drive to do whatever they want, right??? Your question keeps changing and you don't ask something clearly. Why don't you work with your 'team' and figure out a solution, since you won't tell anyone here any meaningful details.