valley@gsbsun.uchicago.edu (Doug Dougherty) (06/29/91)
I maintain a directory of publicly accessible utilities on our network. I would like for it to be possible for users to be able to run these programs, but not copy them elsewhere. I.e., the eqv of setting the X bit (only) under Unix. I assume this is a common problem, and I think newer versions of Netware (we are running 2.15) may in fact have this built-in, but I was wondering if there was any way to accomplish it under the version we are running. One way that occurs to me to solve this is to do something similar to what the EXE compressors (Diet, LZEXE, etc) do, namely put some kind of header code onto the beginning of each executable file that would get control before the actual program. Then you could write a little patch that would look up the full program name in the environment block (DOS 3.x+ only) and abort if it wasn't what it should be. Of course, you would encrypt the name of the file in the executable to discourage hacking. I know just about enough to do this, but I would appreciate any pointers to books, articles, etc that describe how to hack the EXE header. Thanks in advance... -- (Another fine mess brought to you by valley@gsbsun.uchicago.edu)
cfrank@cacofonix.cs.uoregon.edu (Christian Frank) (06/29/91)
In article <1991Jun28.171404.18405@midway.uchicago.edu> you write: >I maintain a directory of publicly accessible utilities on our network. >I would like for it to be possible for users to be able to run these >programs, but not copy them elsewhere. I.e., the eqv of setting the X >bit (only) under Unix. > >I assume this is a common problem, and I think newer versions of Netware >(we are running 2.15) may in fact have this built-in, but I was >wondering if there was any way to accomplish it under the version we are >running. >[possible way to achive this deleted] > (Another fine mess brought to you by valley@gsbsun.uchicago.edu) In fact there is an execute only attribute for files (i.e. not for directories) in Netware 2.x. You can only find it in the FILER utility under FILE ATTRIBUTES. The effect is that if you set it nobody will be able to read that file, it can only be executed or deleted. Note that this attribute can not be removed by anyone (not even the supervisor) (as far as I know), so you will need to keep an unprotected copy around somewhere in a protected directory. Christian ------------------------------------------------------------------------------- Christian Frank | Dingelingnet: (503)-343-9423 | This space | Computer Science | Internet : cfrank@cs.uoregon.edu | intentionally | Univ. of Oregon | Bitnet : cfrank@oregon.uoregon.edu | left blank |
nengle@copper.ucs.indiana.edu (nathan engle) (06/29/91)
In article <1991Jun28.171404.18405@midway.uchicago.edu> valley@gsbsun.uchicago.edu (Doug Dougherty) writes: >I maintain a directory of publicly accessible utilities on our network. >I would like for it to be possible for users to be able to run these >programs, but not copy them elsewhere. I.e., the eqv of setting the X >bit (only) under Unix. > >I assume this is a common problem, and I think newer versions of Netware >(we are running 2.15) may in fact have this built-in, but I was >wondering if there was any way to accomplish it under the version we are >running. Novell 2.15 does have an execute-only attribute that you can set to allow execution but not copying. I think you may have to get into FILER to set the bit. Try looking at the attributes of the file(s) you want to protect and then press <Ins> to see what other attributes you can tag onto them. Execute-only will appear in that list. -- Nathan Engle Software Juggler Indiana University Dept of Psychology nengle@copper.ucs.indiana.edu