Prevent Modification of Script?
Michael Ekstrand
usenet at elehack.net
Wed Apr 4 21:10:29 EDT 2007
On Wed, 04 Apr 2007 18:04:57 -0700, ts-dev wrote:
> Is it possible to prevent modification of a python file once its been
> deployed? File permissions of the OS could be used..but that doesn't
> seem very secure.
>
> The root of my question is verifying the integrity of the application
> and the scripts being run. Is this possible, if so, how?
Your best bet is probably some sort of cryptographic signature mechanism.
However, if they can modify it, they can likely modify it so that the
signature check is disabled. So you need something you "trust" to verify
said signature.
So basically, except in a "trusted" computing environment, you cannot
entire ensure what you're wanting. OS permissions are probably the
most practical thing you've got; the signature thing could fool some
slightly more intrepid attackers.
One significant factor: are you worried about other
users on your systems (or other users who share systems with you under a
third party's control), or are you worried about what people will do on
their own systems?
- Michael
More information about the Python-list
mailing list