Prevent Modification of Script?
Steven W. Orr
steveo at syslang.net
Fri Apr 6 13:51:49 EDT 2007
On Wednesday, Apr 4th 2007 at 18:04 -0700, quoth ts-dev:
=>Is it possible to prevent modification of a python file once its been
=>deployed? File permissions of the OS could be used..but that doesn't
=>seem very secure.
=>
=>The root of my question is verifying the integrity of the application
=>and the scripts being run. Is this possible, if so, how?
I'm going to take a stab at this one even though I'm a really junior
pythonian.
I know others have already responded, but I'd like to offer a couple of
suggestions that have nothing to do with python. (BTW, I do applaud the
previous answers that suggest that this is really a non-problem in the
first place.)
1. *IF* you are on a linux target platform then it's likely that you have
a package management system in use, either rpm or deb. In either case,
you have the ability to verify by checksum, every file of any package.
In the case of rpm, just use the -V option.
2. You also have the ability to set the immutable flag on ext2/ext3
filesystems. See lsattr/chattr commands. Of course, if you can get root
access then you can shut off immutability, but you can also replace
your package management tools as well. AAAUUUGGGHHH!!!
--
Time flies like the wind. Fruit flies like a banana. Stranger things have .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
More information about the Python-list
mailing list