防止修改脚本？ [英] Prevent Modification of Script?

问题描述

一旦部署了b / b
，是否可以阻止修改python文件？可以使用操作系统的文件权限。但是这并不是很好的。


我的问题的根源在于验证操作系统的完整性应用程序

和正在运行的脚本。这是可能的，如果是这样，怎么样？

Is it possible to prevent modification of a python file once its been
deployed? File permissions of the OS could be used..but that doesn''t
seem very secure.

The root of my question is verifying the integrity of the application
and the scripts being run. Is this possible, if so, how?

推荐答案

2007年4月4日星期三18:04:57 -0700，ts- dev写道：

On Wed, 04 Apr 2007 18:04:57 -0700, ts-dev wrote:

一旦部署了b / b
，是否可以防止修改python文件？可以使用操作系统的文件权限。但是这并不是很好的。


我的问题的根源在于验证操作系统的完整性应用程序

和正在运行的脚本。这是可能的，如果是这样，怎么样？

Is it possible to prevent modification of a python file once its been
deployed? File permissions of the OS could be used..but that doesn''t
seem very secure.

The root of my question is verifying the integrity of the application
and the scripts being run. Is this possible, if so, how?

最好的选择可能是某种加密签名机制。

但是，如果他们可以修改它，他们可能会修改它

签名检查被禁用。所以你需要一些你信任的东西。验证

表示签名。


基本上，除了受信任之外计算环境，你不能完全确保你想要的东西。操作系统权限可能是你最实用的东西;签名的东西可以愚弄一些

稍微强悍的攻击者。


一个重要因素：你是否担心其他

用户你的系统（或者在第三方控制下与你共享系统的其他用户），或者你是否担心人们会对他们自己的系统做什么？
？


- Michael

Your best bet is probably some sort of cryptographic signature mechanism.
However, if they can modify it, they can likely modify it so that the
signature check is disabled. So you need something you "trust" to verify
said signature.

So basically, except in a "trusted" computing environment, you cannot
entire ensure what you''re wanting. OS permissions are probably the
most practical thing you''ve got; the signature thing could fool some
slightly more intrepid attackers.

One significant factor: are you worried about other
users on your systems (or other users who share systems with you under a
third party''s control), or are you worried about what people will do on
their own systems?

- Michael

" ts-dev" < ti ******** @ gmail.comwrites：

"ts-dev" <ti********@gmail.comwrites:

是否可以阻止修改python文件

部署了吗？

Is it possible to prevent modification of a python file once its been
deployed?

防止由谁修改？


你不能阻止拥有者的修改

机器。这是他们所拥有的，并且可能是你的;他们可以做任何他们喜欢的事情。

Prevent modification by whom?

You can''t prevent modification by the person who owns the
machine. It''s in their possession, and presumably it''s out of yours;
they can do whatever they like.

我的问题的根源是验证

应用程序和正在运行的脚本的完整性。这是可能的，如果是这样，怎么样？

The root of my question is verifying the integrity of the
application and the scripts being run. Is this possible, if so, how?

永远不要将程序放在任何你不信任的人可以访问的地方

。


-

\我为什么要关心子孙后代？什么后代做了什么|

` \对我来说？ - Groucho Marx |

_o__）|

Ben Finney

Never put the program anywhere that someone you don''t trust has access
to it.

--
\ "Why should I care about posterity? What''s posterity ever done |
`\ for me?" -- Groucho Marx |
_o__) |
Ben Finney

ts-dev写道：

ts-dev wrote:

我的问题的根源是验证应用程序的完整性

和正在运行的脚本。

The root of my question is verifying the integrity of the application
and the scripts being run.

Google" md5sum"。然后google生日攻击。


James

Google "md5sum". Then google "birthday attack".

James

这篇关于防止修改脚本？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！