Obfuscate'ing a.out ... ???

newbie_01 · May 30, 2010, 7:20am

Hi all,

I've search the forums regarding posts similar to this already but can't find the suitable response. Am actually looking for something very trivial I think. I just want to mask/obfuscate the a.out file and run it like a normal UNIX program. I've look at gpg and encryption but it requires a pass phrase which is not possible if I want to run the program via a cron job.

Any advise will be very much appreciated. Note that the code below is just an example. I suppose am looking for someting like a Base64 encoder/decoder kind of thing that some PHP sites uses so that the PHP codes are still runnable but the visitors does not see the actual PHP codes.

Thanks in advance.

#include<stdio.h>

main()
{
   /* system("monitor_standby_physical.sh"); */

  system("sqlplus system/oracle@test");
}

strings a.out:

/lib64/ld-linux-x86-64.so.2
_Jv_RegisterClasses
__gmon_start__
libc.so.6
system
__libc_start_main
GLIBC_2.2.5
sqlplus system/oracle@test

jim_mcnamara · May 30, 2010, 8:57am

Put that in the oracle crontab, place a.out (owned by oracle) with 700 protections in an oracle owned directory. Embedded passwords in code are always a problem.

Another choice is embed an encrypted passwd and decode it during runtime. And as long as the executable is in a protected directory with correct protections it will be reasonably safe.

If the oracle directory tree is wide open, you have so many other security problems, this one doesn't matter.

achenle · May 30, 2010, 12:21pm

You can also build the string one character at a time:

    char command[ 28 ];
    command[ 0 ] = 's';
    command[ 1 ] = 'q';
        .
        .
        .
    command[ 27 ] = '\0';

Of course, anyone on the server who runs a "ps" command will see your password anyway....

DreamWarrior · June 2, 2010, 8:01pm

achenle:

You can also build the string one character at a time:
   char command[ 28 ];
   command[ 0 ] = 's';
   command[ 1 ] = 'q';
   .
   .
   .
   command[ 27 ] = '\0';
Of course, anyone on the server who runs a "ps" command will see your password anyway....

Good point...though, I'm not the OP...so maybe that doesn't matter to him. I wonder if you can restrict ps somehow....?

jim_mcnamara · June 2, 2010, 9:30pm

If your system supports acl's you can limit ps that way. Or put users in a chroot jail.

Basically, if you want to protect an application password the way the OP wants to use one, you really should not let users get to the unix prompt.