replace uname -a informational string
Michael B. Eichorn
ike at michaeleichorn.com
Sat Oct 24 03:53:39 UTC 2015
On Sat, 2015-10-24 at 08:09 +0800, Erich Dollansky wrote:
> On Fri, 23 Oct 2015 22:54:24 +0200
> "O. Hartmann" <ohartman at zedat.fu-berlin.de> wrote:
> > Am Fri, 23 Oct 2015 13:45:25 -0400
> > "Michael B. Eichorn" <ike at michaeleichorn.com> schrieb:
> > First of all: Thank you very much for your concerns and answers.
> > > On Fri, 2015-10-23 at 09:08 +0200, O. Hartmann wrote:
> > > > For security purposes, I need to replace the informations given
> > > > by
> > > > "uname -a"
> > > > to hode the kernel build system, name et cetera.
> > >
> > > I presume you intendend 'hide' here?
> > >
> > > If you want to scrub a binaries of _all_ information about the
> > > building system this is a problem Debian is actively working on
> > > called 'reproducible builds' but is not possible today.
> > >
> > > https://reproducible.debian.net
> > >
> > > If you want to hide the hostname, why not just build with a
> > > different hostname set?
> > Because it is not only the hostname, uname reveals the target host,
> > date and OS version.
> > In our case, the image ist built on a dedicated host for a security
> > appliabce based on NanoBSD and I'd like to hide the OS type, the OS
> > name, the build box' name and the build date.
> why not replace uname at the source level then?
That wouldn't hide the information in any substantial way. Uname is
basically an abstraction of a subset of sysctls. As such, the information
is integral to the kernel itself. Uname is just one of many tools that
can be used to display this information.
Fundamentally the kernel itself needs to be changed not uname.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5761 bytes
Desc: not available
More information about the freebsd-questions