* How to disable application run
@ 2016-10-04 9:51 Marcin Głogowski
2016-10-04 11:00 ` Chény, Yves-Gael
[not found] ` <CAMraO6879JeigufNChzYwrY5faMEjD8ExNJDAnA1L-WM_NwkQg@mail.gmail.com>
0 siblings, 2 replies; 4+ messages in thread
From: Marcin Głogowski @ 2016-10-04 9:51 UTC
To: linux-c-programming
Hello guys,
I have to create a Linux-based solution to prevent running applications
from the blacklist.
How can I achieve this? Which part of the Linux kernel is needed to
achieve this?
I think it would be nice to create a block device which will store the black
and white lists, but I have no idea what part
of the kernel is responsible for this functionality.
It is not possible to kill the application after it runs - I have to find
a nicer solution.
Thank you very much, regards CiN
* Re: How to disable application run
2016-10-04 9:51 How to disable application run Marcin Głogowski
@ 2016-10-04 11:00 ` Chény, Yves-Gael
[not found] ` <CAMraO6879JeigufNChzYwrY5faMEjD8ExNJDAnA1L-WM_NwkQg@mail.gmail.com>
1 sibling, 0 replies; 4+ messages in thread
From: Chény, Yves-Gael @ 2016-10-04 11:00 UTC
To: Marcin Głogowski, linux-c-programming
On Tuesday 04-10-2016 at 11:51, Marcin Głogowski wrote:
> Hello guys,
> I have to create a Linux-based solution to prevent running applications
> from the blacklist.
> How can I achieve this? Which part of the Linux kernel is needed to
> achieve this?
> I think it would be nice to create a block device which will store the black
> and white lists, but I have no idea what part
> of the kernel is responsible for this functionality.
> It is not possible to kill the application after it runs - I have to find
> a nicer solution.
> Thank you very much, regards CiN
Hi,
I do not really understand what you intend to do. On what basis do you intend to blacklist an application?
On its name? It's easy to change it! Otherwise, to answer your question, I personally would create a patch at the allocation of the pid. This is placed just before the execution, but you still have a lot of information about the process asking to be launched. Do a search around "alloc_pid" in the Linux kernel sources.
good luck,
Yves.
* How to disable application run
[not found] ` <CAMraO6879JeigufNChzYwrY5faMEjD8ExNJDAnA1L-WM_NwkQg@mail.gmail.com>
@ 2016-10-04 11:33 ` Ilya Guterman
2016-10-04 12:26 ` Raphael Prudencio
0 siblings, 1 reply; 4+ messages in thread
From: Ilya Guterman @ 2016-10-04 11:33 UTC
To: Marcin Głogowski; +Cc: linux-c-programming@vger.kernel.org
Hey CiN,
You can write an LKM which overrides the execve syscall and checks
whether the filename is blacklisted, but overriding a syscall is
considered bad.
Maybe there is a better solution I am not aware of.
Regards amfern.
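
Added example, not code from any poster in this thread: it contrasts the filename check described above with a check on the file's content, showing that a copy stored under another name passes the first and is caught by the second. The function names are hypothetical, and FNV-1a is used only as a short stand-in for a cryptographic digest such as SHA-256; the code covers the decision only, not the kernel hook that would enforce it.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Name check (the "filename is blacklisted" idea): compares the basename only. */
int blocked_by_name(const char *path, const char *bad_name) {
    const char *base = strrchr(path, '/');
    return strcmp(base ? base + 1 : path, bad_name) == 0;
}

/* Fingerprint of the file's bytes. FNV-1a 64 is an assumption made to keep
 * the example short; a real list would hold SHA-256 or similar digests. */
int file_digest(const char *path, uint64_t *out) {
    unsigned char buf[4096];
    uint64_t h = 0xcbf29ce484222325ULL;      /* FNV-1a 64-bit offset basis */
    ssize_t n;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        for (ssize_t i = 0; i < n; i++) { h ^= buf[i]; h *= 0x100000001b3ULL; }
    close(fd);
    if (n < 0) return -1;
    *out = h;
    return 0;
}

/* 1 = content is listed, 0 = not listed, -1 = unreadable (treat as deny). */
int blocked_by_content(const char *path, const uint64_t *bad, size_t nbad) {
    uint64_t h;
    if (file_digest(path, &h) != 0) return -1;
    for (size_t i = 0; i < nbad; i++)
        if (bad[i] == h) return 1;
    return 0;
}

int main(int argc, char **argv) {   /* usage: ./a.out LISTED_FILE CANDIDATE */
    uint64_t bad;
    if (argc != 3 || file_digest(argv[1], &bad) != 0) return 2;
    const char *base = strrchr(argv[1], '/');
    printf("name match:    %d\n", blocked_by_name(argv[2], base ? base + 1 : argv[1]));
    printf("content match: %d\n", blocked_by_content(argv[2], &bad, 1));
    return 0;
}
```

A content match still says nothing about interpreters or scripts passed as arguments, which is one reason a policy layer such as the LSM framework is the usual enforcement point.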
* Re: How to disable application run
2016-10-04 11:33 ` Ilya Guterman
@ 2016-10-04 12:26 ` Raphael Prudencio
0 siblings, 0 replies; 4+ messages in thread
From: Raphael Prudencio @ 2016-10-04 12:26 UTC
To: Ilya Guterman; +Cc: Marcin Głogowski, linux-c-programming@vger.kernel.org
Have you tried SELinux?
Sent from my iPhone
> On 4 Oct 2016, at 13:33, Ilya Guterman <iliyagutermann@gmail.com> wrote:
>
> Hey CiN,
>
> You can write an LKM which overrides the execve syscall and checks
> whether the filename is blacklisted, but overriding a syscall is
> considered bad.
> Maybe there is a better solution I am not aware of.
>
> Regards amfern.