Is there any way to stop a user from creating executables and running them?Permission of a .desktop fileWhat are the differences between executing shell scripts using “source file.sh”, “./file.sh”, “sh file.sh”, “. ./file.sh”?how do i stop root from running a programIs there any way to log activites performed by a user(another super user)?Running shell script from external drive via live userDifferentiating user-defined executables from pre-existing executables

What is a good class if we remove subclasses?

On math looking obvious in retrospect

Why did I get only 5 points even though I won?

Why I have higher ping to the VLAN interface than to other local interfaces

Why command hierarchy, if the chain of command is standing next to each other?

How to take the beginning and end parts of a list with simpler syntax?

How can I decide if my homebrew item should require attunement?

How would timezones work on a planet 100 times the size of our Earth

What does the phrase "pull off sick wheelies and flips" mean here?

How to remove ambiguity: "... lives in the city of H, the capital of the province of NS, WHERE the unemployment rate is ..."?

A continuous water "planet" ring around a star

how do companies get money from being listed publicly

Voltage across a resistor

First amendment and employment: Can a police department terminate an officer for speech?

Can "être sur" mean "to be about" ?

Do beef farmed pastures net remove carbon emissions?

When were the tantalum capacitors first used in computing?

Is this curved text blend possible in Illustrator?

Boss wants me to ignore a software license

How to assign many blockers at the same time?

Should I ask for permission to write an expository post about someone else's research?

A Word/Phrase for the Process of Classifying Something as a Sin

How to describe accents?

Why does chown not work in RUN command in Docker?



Is there any way to stop a user from creating executables and running them?


Permission of a .desktop fileWhat are the differences between executing shell scripts using “source file.sh”, “./file.sh”, “sh file.sh”, “. ./file.sh”?how do i stop root from running a programIs there any way to log activites performed by a user(another super user)?Running shell script from external drive via live userDifferentiating user-defined executables from pre-existing executables






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








8















Ransomware attacks could use zero-day exploits, but often an attacker will just fool a gullible user into running an executable by downloading and clicking.



Suppose we have a naive user and want to restrict them to the normal path. Is there any way to restrict them from creating a file with executable privilege?



Or, more generally, is there any way to build an access control list and define that this user may only execute files in this list?






permissions security executable restricted-access







share|improve this question





















  • 3





    To disable execution in this manner would prohibit users from being able to do anything on system. There is no mechanism for this in-built to the system or even with third party software that I am aware of to do this type of security lockdown

    – Thomas Ward
    8 hours ago


















8















Ransomware attacks could use zero-day exploits, but often an attacker will just fool a gullible user into running an executable by downloading and clicking.



Suppose we have a naive user and want to restrict them to the normal path. Is there any way to restrict them from creating a file with executable privilege?



Or, more generally, is there any way to build an access control list and define that this user may only execute files in this list?






permissions security executable restricted-access







share|improve this question





















  • 3





    To disable execution in this manner would prohibit users from being able to do anything on system. There is no mechanism for this in-built to the system or even with third party software that I am aware of to do this type of security lockdown

    – Thomas Ward
    8 hours ago














8












8








8








Ransomware attacks could use zero-day exploits, but often an attacker will just fool a gullible user into running an executable by downloading and clicking.



Suppose we have a naive user and want to restrict them to the normal path. Is there any way to restrict them from creating a file with executable privilege?



Or, more generally, is there any way to build an access control list and define that this user may only execute files in this list?






permissions security executable restricted-access







share|improve this question
















Ransomware attacks could use zero-day exploits, but often an attacker will just fool a gullible user into running an executable by downloading and clicking.



Suppose we have a naive user and want to restrict them to the normal path. Is there any way to restrict them from creating a file with executable privilege?



Or, more generally, is there any way to build an access control list and define that this user may only execute files in this list?






permissions security executable restricted-access




permissions security executable restricted-access






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 7 hours ago









Eliah Kagan

88k22 gold badges244 silver badges387 bronze badges




88k22 gold badges244 silver badges387 bronze badges










asked 9 hours ago









DovDov

2261 silver badge10 bronze badges




2261 silver badge10 bronze badges










  • 3





    To disable execution in this manner would prohibit users from being able to do anything on system. There is no mechanism for this in-built to the system or even with third party software that I am aware of to do this type of security lockdown

    – Thomas Ward
    8 hours ago













  • 3





    To disable execution in this manner would prohibit users from being able to do anything on system. There is no mechanism for this in-built to the system or even with third party software that I am aware of to do this type of security lockdown

    – Thomas Ward
    8 hours ago








3




3





To disable execution in this manner would prohibit users from being able to do anything on system. There is no mechanism for this in-built to the system or even with third party software that I am aware of to do this type of security lockdown

– Thomas Ward
8 hours ago






To disable execution in this manner would prohibit users from being able to do anything on system. There is no mechanism for this in-built to the system or even with third party software that I am aware of to do this type of security lockdown

– Thomas Ward
8 hours ago











2 Answers
2






active

oldest

votes


















11














The specific attack you've expressed concern about is:




often an attacker will just fool a gullible user into running an executable by downloading and clicking.




At least in the common case where the file is downloaded in a web browser, this should already be prevented in Ubuntu by the browser's adherence to the Execute-Permission Bit Required policy. The most directly relevant parts of that policy are:





  • Applications, including desktops and shells, must not run executable code from files when they are both:



    • lacking the executable bit

    • located in a user's home directory or temporary directory.







  • Files downloaded from a web browser, mail client, etc. must never be saved as executable.



So if a user is told to download a program in a web browser, does so, and attempts to run the file by double-clicking on it, it won't run. This applies even if the file downloaded is a shell script or even a .desktop file. (If you've ever wondered why .desktop files in your home directory have to be marked executable even though they're not really programs, that's why.)



It is possible for users to alter this behavior through configuration changes. Most will not, and while those who do probably shouldn't, that's not really what you have to worry about. The bigger concern is the more complex attack that I think you're already worried about, in which a malicious person (or bot) instructs the user to download a specific file, mark it executable themselves (through their file browser or with chmod), and then run it.



Unfortunately, restricting a user's ability to set the execute bit on a file or to execute files other than those on some whitelist wouldn't noticeably mitigate the problem. Some attacks will already work, and those that don't could be trivially modified so that they do. The fundamental issue is that the effect of running a file can be achieved even if the file doesn't have executable permissions.



This is best illustrated by example. Suppose evil is a file in the current directory that, if given executable permissions (chmod +x evil) and run (./evil), would do something evil. Depending on what kind of program it is, the same effect may be achieved by one of the following:




  • . ./evil or source ./evil runs the commands in evil.sh in the currently running shell.


  • bash ./evil runs evil in bash.


  • python3 evil runs evil in python3.


  • perl evil runs evil in perl.

  • ...and in general, interpreter evil runs evil in the interpreter interpreter.

  • On most systems, /lib64/ld-linux-x86-64.so.2 ./evil runs the binary executable evil.

None of those, not even the last one, require that the file have executable permissions or even that the user be able to give the file executable permissions.



But the malicious instructions don't even have to be that complicated. Consider this non-malicious command, which is one of the officially recommended ways to install or update NVM:



wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | bash


The reason that's not malicious is that NVM isn't malware, but if the URL were instead to someone's script that does evil when run, that command would download and run the script. At no point would any file need to be given executable permissions. Downloading and running the code contained in a malicious file with a single command like this is, I believe, a pretty common action that attackers trick users into taking.



You might think of trying to restrict what interpreters are available for the users to run. But there isn't really a way to do this that doesn't substantially impact the ordinary tasks you presumably want users to be able to do. If you're setting up an extremely restricted environment on which nearly everything a user would think of to do on a computer is disallowed, like a kiosk that only runs a couple programs, then this might provide some measure of meaningful protection. But it doesn't sound like that's your use case.



So the approximate answer to your question is, "No." The fuller answer is that you could probably manage to prevent users from executing any files except those that you supply on a whitelist. But that's in the strict, technical sense of "execute," which is not needed to achieve the full effect of running most programs or scripts. To prevent that, you could try to make the whitelist very small, so it didn't list any interpreters except those that could be highly restricted. But even if you managed that, users couldn't do much, and if you made it so small they couldn't hurt themselves, they probably couldn't do anything. (See Thomas Ward's comment.)



If your users can hurt themselves, they can be fooled into hurting themselves.



You may be able to restrict specific programs from being used or otherwise behaving in ways that are likely to be harmful, and if you're looking at specific patterns ransomware tends to follow, you may be able to prevent some specific common cases. (See AppArmor.) That might provide some value. But it won't give you anything close to the comprehensive solution you're hoping for.



Whatever technical measures (if any) you end up taking, your best bet is to educate users. This includes telling them not to run commands they don't understand and not to use downloaded files in situations where they wouldn't be able to explain why it's reasonably safe to do so. But it also includes things like making backups, so that if something does go wrong (due to malware or otherwise), the harm done will be as little as possible.






share|improve this answer



























  • Awesome and upvoted.

    – WinEunuuchs2Unix
    6 hours ago


















0














From: In Linux, how can I prevent users from executing chown, chgrp or chmod?




chown: Already requires root.



chgrp: Users can only change into groups they themselves belong to.



chmod: Probably impossible to restrict - unless you also block all
programming language compilers/interpreters and disable any remote
filesystem access (including SFTP).



(It might be possible to block the chmod() syscall with something
like AppArmor (if it can block syscalls at all), but it would break a
whole lot of programs.)




It sounds like you've come up with a great feature request for Firefox and Chrome.






share|improve this answer



























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "89"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1165175%2fis-there-any-way-to-stop-a-user-from-creating-executables-and-running-them%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    11














    The specific attack you've expressed concern about is:




    often an attacker will just fool a gullible user into running an executable by downloading and clicking.




    At least in the common case where the file is downloaded in a web browser, this should already be prevented in Ubuntu by the browser's adherence to the Execute-Permission Bit Required policy. The most directly relevant parts of that policy are:





    • Applications, including desktops and shells, must not run executable code from files when they are both:



      • lacking the executable bit

      • located in a user's home directory or temporary directory.







    • Files downloaded from a web browser, mail client, etc. must never be saved as executable.



    So if a user is told to download a program in a web browser, does so, and attempts to run the file by double-clicking on it, it won't run. This applies even if the file downloaded is a shell script or even a .desktop file. (If you've ever wondered why .desktop files in your home directory have to be marked executable even though they're not really programs, that's why.)



    It is possible for users to alter this behavior through configuration changes. Most will not, and while those who do probably shouldn't, that's not really what you have to worry about. The bigger concern is the more complex attack that I think you're already worried about, in which a malicious person (or bot) instructs the user to download a specific file, mark it executable themselves (through their file browser or with chmod), and then run it.



    Unfortunately, restricting a user's ability to set the execute bit on a file or to execute files other than those on some whitelist wouldn't noticeably mitigate the problem. Some attacks will already work, and those that don't could be trivially modified so that they do. The fundamental issue is that the effect of running a file can be achieved even if the file doesn't have executable permissions.



    This is best illustrated by example. Suppose evil is a file in the current directory that, if given executable permissions (chmod +x evil) and run (./evil), would do something evil. Depending on what kind of program it is, the same effect may be achieved by one of the following:




    • . ./evil or source ./evil runs the commands in evil.sh in the currently running shell.


    • bash ./evil runs evil in bash.


    • python3 evil runs evil in python3.


    • perl evil runs evil in perl.

    • ...and in general, interpreter evil runs evil in the interpreter interpreter.

    • On most systems, /lib64/ld-linux-x86-64.so.2 ./evil runs the binary executable evil.

    None of those, not even the last one, require that the file have executable permissions or even that the user be able to give the file executable permissions.



    But the malicious instructions don't even have to be that complicated. Consider this non-malicious command, which is one of the officially recommended ways to install or update NVM:



    wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | bash


    The reason that's not malicious is that NVM isn't malware, but if the URL were instead to someone's script that does evil when run, that command would download and run the script. At no point would any file need to be given executable permissions. Downloading and running the code contained in a malicious file with a single command like this is, I believe, a pretty common action that attackers trick users into taking.



    You might think of trying to restrict what interpreters are available for the users to run. But there isn't really a way to do this that doesn't substantially impact the ordinary tasks you presumably want users to be able to do. If you're setting up an extremely restricted environment on which nearly everything a user would think of to do on a computer is disallowed, like a kiosk that only runs a couple programs, then this might provide some measure of meaningful protection. But it doesn't sound like that's your use case.



    So the approximate answer to your question is, "No." The fuller answer is that you could probably manage to prevent users from executing any files except those that you supply on a whitelist. But that's in the strict, technical sense of "execute," which is not needed to achieve the full effect of running most programs or scripts. To prevent that, you could try to make the whitelist very small, so it didn't list any interpreters except those that could be highly restricted. But even if you managed that, users couldn't do much, and if you made it so small they couldn't hurt themselves, they probably couldn't do anything. (See Thomas Ward's comment.)



    If your users can hurt themselves, they can be fooled into hurting themselves.



    You may be able to restrict specific programs from being used or otherwise behaving in ways that are likely to be harmful, and if you're looking at specific patterns ransomware tends to follow, you may be able to prevent some specific common cases. (See AppArmor.) That might provide some value. But it won't give you anything close to the comprehensive solution you're hoping for.



    Whatever technical measures (if any) you end up taking, your best bet is to educate users. This includes telling them not to run commands they don't understand and not to use downloaded files in situations where they wouldn't be able to explain why it's reasonably safe to do so. But it also includes things like making backups, so that if something does go wrong (due to malware or otherwise), the harm done will be as little as possible.






    share|improve this answer



























    • Awesome and upvoted.

      – WinEunuuchs2Unix
      6 hours ago















    11














    The specific attack you've expressed concern about is:




    often an attacker will just fool a gullible user into running an executable by downloading and clicking.




    At least in the common case where the file is downloaded in a web browser, this should already be prevented in Ubuntu by the browser's adherence to the Execute-Permission Bit Required policy. The most directly relevant parts of that policy are:





    • Applications, including desktops and shells, must not run executable code from files when they are both:



      • lacking the executable bit

      • located in a user's home directory or temporary directory.







    • Files downloaded from a web browser, mail client, etc. must never be saved as executable.



    So if a user is told to download a program in a web browser, does so, and attempts to run the file by double-clicking on it, it won't run. This applies even if the file downloaded is a shell script or even a .desktop file. (If you've ever wondered why .desktop files in your home directory have to be marked executable even though they're not really programs, that's why.)



    It is possible for users to alter this behavior through configuration changes. Most will not, and while those who do probably shouldn't, that's not really what you have to worry about. The bigger concern is the more complex attack that I think you're already worried about, in which a malicious person (or bot) instructs the user to download a specific file, mark it executable themselves (through their file browser or with chmod), and then run it.



    Unfortunately, restricting a user's ability to set the execute bit on a file or to execute files other than those on some whitelist wouldn't noticeably mitigate the problem. Some attacks will already work, and those that don't could be trivially modified so that they do. The fundamental issue is that the effect of running a file can be achieved even if the file doesn't have executable permissions.



    This is best illustrated by example. Suppose evil is a file in the current directory that, if given executable permissions (chmod +x evil) and run (./evil), would do something evil. Depending on what kind of program it is, the same effect may be achieved by one of the following:




    • . ./evil or source ./evil runs the commands in evil.sh in the currently running shell.


    • bash ./evil runs evil in bash.


    • python3 evil runs evil in python3.


    • perl evil runs evil in perl.

    • ...and in general, interpreter evil runs evil in the interpreter interpreter.

    • On most systems, /lib64/ld-linux-x86-64.so.2 ./evil runs the binary executable evil.

    None of those, not even the last one, require that the file have executable permissions or even that the user be able to give the file executable permissions.



    But the malicious instructions don't even have to be that complicated. Consider this non-malicious command, which is one of the officially recommended ways to install or update NVM:



    wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | bash


    The reason that's not malicious is that NVM isn't malware, but if the URL were instead to someone's script that does evil when run, that command would download and run the script. At no point would any file need to be given executable permissions. Downloading and running the code contained in a malicious file with a single command like this is, I believe, a pretty common action that attackers trick users into taking.



    You might think of trying to restrict what interpreters are available for the users to run. But there isn't really a way to do this that doesn't substantially impact the ordinary tasks you presumably want users to be able to do. If you're setting up an extremely restricted environment on which nearly everything a user would think of to do on a computer is disallowed, like a kiosk that only runs a couple programs, then this might provide some measure of meaningful protection. But it doesn't sound like that's your use case.



    So the approximate answer to your question is, "No." The fuller answer is that you could probably manage to prevent users from executing any files except those that you supply on a whitelist. But that's in the strict, technical sense of "execute," which is not needed to achieve the full effect of running most programs or scripts. To prevent that, you could try to make the whitelist very small, so it didn't list any interpreters except those that could be highly restricted. But even if you managed that, users couldn't do much, and if you made it so small they couldn't hurt themselves, they probably couldn't do anything. (See Thomas Ward's comment.)



    If your users can hurt themselves, they can be fooled into hurting themselves.



    You may be able to restrict specific programs from being used or otherwise behaving in ways that are likely to be harmful, and if you're looking at specific patterns ransomware tends to follow, you may be able to prevent some specific common cases. (See AppArmor.) That might provide some value. But it won't give you anything close to the comprehensive solution you're hoping for.



    Whatever technical measures (if any) you end up taking, your best bet is to educate users. This includes telling them not to run commands they don't understand and not to use downloaded files in situations where they wouldn't be able to explain why it's reasonably safe to do so. But it also includes things like making backups, so that if something does go wrong (due to malware or otherwise), the harm done will be as little as possible.






    share|improve this answer



























    • Awesome and upvoted.

      – WinEunuuchs2Unix
      6 hours ago













    11












    11








    11







    The specific attack you've expressed concern about is:




    often an attacker will just fool a gullible user into running an executable by downloading and clicking.




    At least in the common case where the file is downloaded in a web browser, this should already be prevented in Ubuntu by the browser's adherence to the Execute-Permission Bit Required policy. The most directly relevant parts of that policy are:





    • Applications, including desktops and shells, must not run executable code from files when they are both:



      • lacking the executable bit

      • located in a user's home directory or temporary directory.







    • Files downloaded from a web browser, mail client, etc. must never be saved as executable.



    So if a user is told to download a program in a web browser, does so, and attempts to run the file by double-clicking on it, it won't run. This applies even if the file downloaded is a shell script or even a .desktop file. (If you've ever wondered why .desktop files in your home directory have to be marked executable even though they're not really programs, that's why.)



    It is possible for users to alter this behavior through configuration changes. Most will not, and while those who do probably shouldn't, that's not really what you have to worry about. The bigger concern is the more complex attack that I think you're already worried about, in which a malicious person (or bot) instructs the user to download a specific file, mark it executable themselves (through their file browser or with chmod), and then run it.



    Unfortunately, restricting a user's ability to set the execute bit on a file or to execute files other than those on some whitelist wouldn't noticeably mitigate the problem. Some attacks will already work, and those that don't could be trivially modified so that they do. The fundamental issue is that the effect of running a file can be achieved even if the file doesn't have executable permissions.



    This is best illustrated by example. Suppose evil is a file in the current directory that, if given executable permissions (chmod +x evil) and run (./evil), would do something evil. Depending on what kind of program it is, the same effect may be achieved by one of the following:




    • . ./evil or source ./evil runs the commands in evil.sh in the currently running shell.


    • bash ./evil runs evil in bash.


    • python3 evil runs evil in python3.


    • perl evil runs evil in perl.

    • ...and in general, interpreter evil runs evil in the interpreter interpreter.

    • On most systems, /lib64/ld-linux-x86-64.so.2 ./evil runs the binary executable evil.

    None of those, not even the last one, require that the file have executable permissions or even that the user be able to give the file executable permissions.



    But the malicious instructions don't even have to be that complicated. Consider this non-malicious command, which is one of the officially recommended ways to install or update NVM:



    wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | bash


    The reason that's not malicious is that NVM isn't malware, but if the URL were instead to someone's script that does evil when run, that command would download and run the script. At no point would any file need to be given executable permissions. Downloading and running the code contained in a malicious file with a single command like this is, I believe, a pretty common action that attackers trick users into taking.



    You might think of trying to restrict what interpreters are available for the users to run. But there isn't really a way to do this that doesn't substantially impact the ordinary tasks you presumably want users to be able to do. If you're setting up an extremely restricted environment on which nearly everything a user would think of to do on a computer is disallowed, like a kiosk that only runs a couple programs, then this might provide some measure of meaningful protection. But it doesn't sound like that's your use case.



    So the approximate answer to your question is, "No." The fuller answer is that you could probably manage to prevent users from executing any files except those that you supply on a whitelist. But that's in the strict, technical sense of "execute," which is not needed to achieve the full effect of running most programs or scripts. To prevent that, you could try to make the whitelist very small, so it didn't list any interpreters except those that could be highly restricted. But even if you managed that, users couldn't do much, and if you made it so small they couldn't hurt themselves, they probably couldn't do anything. (See Thomas Ward's comment.)



    If your users can hurt themselves, they can be fooled into hurting themselves.



    You may be able to restrict specific programs from being used or otherwise behaving in ways that are likely to be harmful, and if you're looking at specific patterns ransomware tends to follow, you may be able to prevent some specific common cases. (See AppArmor.) That might provide some value. But it won't give you anything close to the comprehensive solution you're hoping for.



    Whatever technical measures (if any) you end up taking, your best bet is to educate users. This includes telling them not to run commands they don't understand and not to use downloaded files in situations where they wouldn't be able to explain why it's reasonably safe to do so. But it also includes things like making backups, so that if something does go wrong (due to malware or otherwise), the harm done will be as little as possible.






    share|improve this answer















    The specific attack you've expressed concern about is:




    often an attacker will just fool a gullible user into running an executable by downloading and clicking.




    At least in the common case where the file is downloaded in a web browser, this should already be prevented in Ubuntu by the browser's adherence to the Execute-Permission Bit Required policy. The most directly relevant parts of that policy are:





    • Applications, including desktops and shells, must not run executable code from files when they are both:



      • lacking the executable bit

      • located in a user's home directory or temporary directory.







    • Files downloaded from a web browser, mail client, etc. must never be saved as executable.



    So if a user is told to download a program in a web browser, does so, and attempts to run the file by double-clicking on it, it won't run. This applies even if the file downloaded is a shell script or even a .desktop file. (If you've ever wondered why .desktop files in your home directory have to be marked executable even though they're not really programs, that's why.)



    It is possible for users to alter this behavior through configuration changes. Most will not, and while those who do probably shouldn't, that's not really what you have to worry about. The bigger concern is the more complex attack that I think you're already worried about, in which a malicious person (or bot) instructs the user to download a specific file, mark it executable themselves (through their file browser or with chmod), and then run it.



    Unfortunately, restricting a user's ability to set the execute bit on a file or to execute files other than those on some whitelist wouldn't noticeably mitigate the problem. Some attacks will already work, and those that don't could be trivially modified so that they do. The fundamental issue is that the effect of running a file can be achieved even if the file doesn't have executable permissions.



    This is best illustrated by example. Suppose evil is a file in the current directory that, if given executable permissions (chmod +x evil) and run (./evil), would do something evil. Depending on what kind of program it is, the same effect may be achieved by one of the following:




    • . ./evil or source ./evil runs the commands in evil.sh in the currently running shell.


    • bash ./evil runs evil in bash.


    • python3 evil runs evil in python3.


    • perl evil runs evil in perl.

    • ...and in general, interpreter evil runs evil in the interpreter interpreter.

    • On most systems, /lib64/ld-linux-x86-64.so.2 ./evil runs the binary executable evil.

    None of those, not even the last one, require that the file have executable permissions or even that the user be able to give the file executable permissions.



    But the malicious instructions don't even have to be that complicated. Consider this non-malicious command, which is one of the officially recommended ways to install or update NVM:



    wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | bash


    The reason that's not malicious is that NVM isn't malware, but if the URL were instead to someone's script that does evil when run, that command would download and run the script. At no point would any file need to be given executable permissions. Downloading and running the code contained in a malicious file with a single command like this is, I believe, a pretty common action that attackers trick users into taking.



    You might think of trying to restrict what interpreters are available for the users to run. But there isn't really a way to do this that doesn't substantially impact the ordinary tasks you presumably want users to be able to do. If you're setting up an extremely restricted environment on which nearly everything a user would think of to do on a computer is disallowed, like a kiosk that only runs a couple programs, then this might provide some measure of meaningful protection. But it doesn't sound like that's your use case.



    So the approximate answer to your question is, "No." The fuller answer is that you could probably manage to prevent users from executing any files except those that you supply on a whitelist. But that's in the strict, technical sense of "execute," which is not needed to achieve the full effect of running most programs or scripts. To prevent that, you could try to make the whitelist very small, so it didn't list any interpreters except those that could be highly restricted. But even if you managed that, users couldn't do much, and if you made it so small they couldn't hurt themselves, they probably couldn't do anything. (See Thomas Ward's comment.)



    If your users can hurt themselves, they can be fooled into hurting themselves.



    You may be able to restrict specific programs from being used or otherwise behaving in ways that are likely to be harmful, and if you're looking at specific patterns ransomware tends to follow, you may be able to prevent some specific common cases. (See AppArmor.) That might provide some value. But it won't give you anything close to the comprehensive solution you're hoping for.



    Whatever technical measures (if any) you end up taking, your best bet is to educate users. This includes telling them not to run commands they don't understand and not to use downloaded files in situations where they wouldn't be able to explain why it's reasonably safe to do so. But it also includes things like making backups, so that if something does go wrong (due to malware or otherwise), the harm done will be as little as possible.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited 3 hours ago

























    answered 7 hours ago









    Eliah KaganEliah Kagan

    88k22 gold badges244 silver badges387 bronze badges




    88k22 gold badges244 silver badges387 bronze badges















    • Awesome and upvoted.

      – WinEunuuchs2Unix
      6 hours ago

















    • Awesome and upvoted.

      – WinEunuuchs2Unix
      6 hours ago
















    Awesome and upvoted.

    – WinEunuuchs2Unix
    6 hours ago





    Awesome and upvoted.

    – WinEunuuchs2Unix
    6 hours ago













    0














    From: In Linux, how can I prevent users from executing chown, chgrp or chmod?




    chown: Already requires root.



    chgrp: Users can only change into groups they themselves belong to.



    chmod: Probably impossible to restrict - unless you also block all
    programming language compilers/interpreters and disable any remote
    filesystem access (including SFTP).



    (It might be possible to block the chmod() syscall with something
    like AppArmor (if it can block syscalls at all), but it would break a
    whole lot of programs.)




    It sounds like you've come up with a great feature request for Firefox and Chrome.






    share|improve this answer





























      0














      From: In Linux, how can I prevent users from executing chown, chgrp or chmod?




      chown: Already requires root.



      chgrp: Users can only change into groups they themselves belong to.



      chmod: Probably impossible to restrict - unless you also block all
      programming language compilers/interpreters and disable any remote
      filesystem access (including SFTP).



      (It might be possible to block the chmod() syscall with something
      like AppArmor (if it can block syscalls at all), but it would break a
      whole lot of programs.)




      It sounds like you've come up with a great feature request for Firefox and Chrome.






      share|improve this answer



























        0












        0








        0







        From: In Linux, how can I prevent users from executing chown, chgrp or chmod?




        chown: Already requires root.



        chgrp: Users can only change into groups they themselves belong to.



        chmod: Probably impossible to restrict - unless you also block all
        programming language compilers/interpreters and disable any remote
        filesystem access (including SFTP).



        (It might be possible to block the chmod() syscall with something
        like AppArmor (if it can block syscalls at all), but it would break a
        whole lot of programs.)




        It sounds like you've come up with a great feature request for Firefox and Chrome.






        share|improve this answer













        From: In Linux, how can I prevent users from executing chown, chgrp or chmod?




        chown: Already requires root.



        chgrp: Users can only change into groups they themselves belong to.



        chmod: Probably impossible to restrict - unless you also block all
        programming language compilers/interpreters and disable any remote
        filesystem access (including SFTP).



        (It might be possible to block the chmod() syscall with something
        like AppArmor (if it can block syscalls at all), but it would break a
        whole lot of programs.)




        It sounds like you've come up with a great feature request for Firefox and Chrome.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 6 hours ago









        WinEunuuchs2UnixWinEunuuchs2Unix

        56.6k16 gold badges111 silver badges217 bronze badges




        56.6k16 gold badges111 silver badges217 bronze badges






























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1165175%2fis-there-any-way-to-stop-a-user-from-creating-executables-and-running-them%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

            Image
            Would it be easier to colonise a living world or a dead world? Postal services in Italy - Poste Italiane vs. Friendpost vs. GPS What is /dev/null and why can't I use hx on it? Why are engines with carburetors hard to start in cold weather? How to make a gift without seeming creepy? Without exposing his identity, did Roy help his parents with money so that they can afford to stay in their home? Does the Creighton Method of Natural Family Planning have a failure rate of 3.2% or less? How do I break the broom in Untitled Goose Game? Had there been instances of national states banning harmful imports before the mid-19th C Opium Wars? D&D Monsters and Copyright Is sleeping on the groud in cold weather better than on an air mattress? Transiting through Switzerland by coach with lots of cash quadratic equations on 2 by 2 matrices Always Lubricate Skewers? I pay for a service, but I miss the broadcast Iron-age tools, is there a way to extract heavy metals ...
            Read more

            Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

            Image
            Internet forum softwarePHP software Internet communityPHPMySQLdatabase management systemInternet forumCharles WarnerMatt MechamJarvis Entertainment GroupIkonboardInvisionFreeAjaxIPS Community ForumsIPS Community Forumsthis blog entry Invision Community From Wikipedia, the free encyclopedia Jump to navigation Jump to search Invision Community Developer(s) Invision Power Services Stable release 4.4.6 / August 19, 2019 ; 34 days ago  ( 2019-08-19 ) Platform PHP / MySQL Type Forum software License Proprietary Website invisioncommunity.com Invision Community (previously known as IPS Community Suite ) is primarily an Internet community software produced by Invision Power Services, Inc. It is written in PHP and uses MySQL as a database management system. Invision Power Services sell applications that each can be bought and installed separately in addition to the Suite, the most widely known being the Internet forum software Invision Power Boar...
            Read more

            François Viète Contents Biography Work and thought Bibliography See also Notes Further reading External links Navigation menup. 21Google Bookspp. 75–77Google BooksDe thou (from University of Saint Andrews)ArchivedGoogle BooksGoogle BooksGoogle BooksGoogle booksGoogle Bookscc-parthenay.frL'histoire universelle (fr)Universal History (en)ArchivedAdsabs.harvard.eduPagesperso-orange.frArchive.orgChikara Sasaki. Descartes' mathematical thought p.259Google BooksGoogle BooksGoogle Bookspp. 152 and onwardGoogle BooksGoogle BooksScribd.comGoogle Books1257-7979Google BooksGoogle BooksGoogle BooksGoogle BooksGoogle BooksGoogle BooksGallica.bnf.frGoogle BooksGoogle Books"François Viète"Francois Viète: Father of Modern Algebraic NotationThe Lawyer and the GamblerAbout TarporleySite de Jean-Paul GuichardL'algèbre nouvelle"About the Harmonicon"cb120511976(data)1188044800000 0001 0913 5903n82164680ola2013766880073431702w6vt1sb70287374827140948071409480

            Image
            1540 births1603 deathsPeople from Fontenay-le-ComtePre-19th-century cryptographers16th-century French mathematiciansAlgebraistsFrench cryptographersUniversity of Poitiers alumni LatinSeigneurFrenchmathematicianprivy councillorHenry IIIHenry IVFontenay-le-ComteVendéeLa RochelleLe BusseauBarnabé BrissonmagistrateCatholic League of France.FranciscanPoitiersBachelor of LawsKing Francis I of FranceMary, Queen of ScotsHuguenotLyonJacques of Savoy, 2nd Duke of NemoursMouchampsVendéeCatherine de ParthenayastronomytrigonometryStevinKeplerGiordano BrunoCharles IX of FranceParthenayColignyCondéQueen Jeanne d’Albret of NavarreHenry IV of FranceJacques de ThouSt. Bartholomew's Day massacreAdmiral ColignyJacques, Duke of NemoursParliament of BrittanyRennesHenri, duc de Rohanmaître des requêtesHenry of NavarreHenry III of FranceFontenayBeauvoir-sur-MerNew AlgebraJoseph Juste ScaligerToursSpanishcipherWars of ReligionAloysius LiliusChristopher ClaviusAdriaan van Room...
            Read more