<p><span class="h-card" translate="no"><a href="https://mastodon.social/@hannesm" class="u-url mention">@<span>hannesm</span></a></span> I never tried using it, but I think the closest you can get on Linux is to digitally sign the ELF file and use the IMA subsystem. <a href="https://wiki.gentoo.org/wiki/Integrity_Measurement_Architecture#Using_digital_signatures_for_immutable_files" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">wiki.gentoo.org/wiki/Integrity</span><span class="invisible">_Measurement_Architecture#Using_digital_signatures_for_immutable_files</span></a><br />If you are already running, then verifying yourself is trickier because someone could&#39;ve LD_PRELOADed something and intercepted any PLT entries, so you&#39;d have to implement any verification without using PIC code/PLT entries and without using the libc (raw syscalls?). But even that might&#39;ve been intercepted by the application itself, e.g. the same LD_PRELOAD could ptrace itself and fool you into passing the verification by showing you something other than the actually running app. I think the only way to prevent tampering / malicious code is to check it before it gets a chance to execute.</p>
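<p>An added example, not part of the post above: a check run from a separate monitoring process that inspects a target's <code>/proc/&lt;pid&gt;/environ</code> and <code>/proc/&lt;pid&gt;/maps</code> for preloaded or unexpected executable libraries, rather than asking the target to verify itself. The trusted path prefixes, function names and sample data are assumptions constructed for illustration.</p>

```python
# Added example: audit a process from the outside for preloaded libraries.
# Trusted prefixes are an assumption; adjust to the distribution in use.
TRUSTED_PREFIXES = ("/usr/lib/", "/usr/lib64/", "/lib/", "/lib64/", "/usr/bin/")

def preload_from_environ(environ_bytes):
    """Return LD_PRELOAD entries from a NUL-separated /proc/<pid>/environ blob."""
    for entry in environ_bytes.split(b"\0"):
        if entry.startswith(b"LD_PRELOAD="):
            value = entry[len(b"LD_PRELOAD="):].decode(errors="replace")
            # The dynamic loader accepts both spaces and colons as separators.
            return [p for p in value.replace(":", " ").split() if p]
    return []

def untrusted_exec_mappings(maps_text, trusted=TRUSTED_PREFIXES):
    """Return file-backed executable mappings outside the trusted prefixes."""
    found = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode [path]
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        perms, path = fields[1], fields[5]
        if "x" not in perms or not path.startswith("/"):
            continue  # not executable, or a pseudo-mapping such as [vdso]
        # Flag code whose file was unlinked after mapping or lives elsewhere.
        if path.endswith(" (deleted)") or not path.startswith(trusted):
            if path not in found:
                found.append(path)
    return found

def audit(pid):
    """Read both /proc files for a live pid (needs permission to read them)."""
    with open(f"/proc/{pid}/environ", "rb") as f:
        env = f.read()
    with open(f"/proc/{pid}/maps") as f:
        maps = f.read()
    return preload_from_environ(env), untrusted_exec_mappings(maps)

# Constructed sample data, not captured from a real system.
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LD_PRELOAD=/tmp/hook.so\0HOME=/root\0"
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a21000 r-xp 00001000 08:01 131 /usr/bin/app
7f1a2c000000-7f1a2c003000 r-xp 00000000 08:01 9001 /tmp/hook.so
7f1a2c200000-7f1a2c3a0000 r-xp 00028000 08:01 2210 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a2c400000-7f1a2c421000 rw-p 00000000 00:00 0
7ffd1b3f0000-7ffd1b3f2000 r-xp 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    print("LD_PRELOAD entries:", preload_from_environ(SAMPLE_ENVIRON))
    print("Untrusted executable mappings:", untrusted_exec_mappings(SAMPLE_MAPS))
```

<p>The environment check only sees what the process still exposes in its initial environment block, which the process itself can overwrite; the mapping check does not depend on it.</p>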