in reply to Re^4: Authentication with /etc/shadow
in thread Authentication with /etc/shadow
I feel like I'm shooting in the dark here, but ...
If the particular computer you are running on is an issue, why not check the BIOS serial number and manufacturer id and have your script run only if it is on the correct machine? If buying time is also concern you could generate fake output and even try to silently send an email to supervisors if it running on the wrong machine complete with the CPU info of the interloper so that follow-up actions or even prosecution would be easier. No point in letting the attacker know his/her attack even failed.
Also do you have in place some sort of digital signing? Can you prevent scripts running if their checksum or digital signature changes? If someone can copy your scripts, might they also not be able to edit them to remove any security checks and delaying tactics you try to insert? If that is the case your EUID check solution (or for that matter a CPU check) isn't a solution at all. If you encapsulate your checks in function calls, Perl makes it dirt easy to redefine a function call. If you hard code your checks in several places in your script, you will be dealing with a maintenance problem. Furthermore, assuming your envisioned attacker is more than your average script kiddie, I'd suspect that he or she would be quite adept at using sed, vi, emacs/emacs, perl or any number of tools to do regex based global search and replace.