I'm writing an assignment for a security course, and I'm trying to create an executable which students can interact with (i.e., execute), but not inspect. In particular, what I'd like is for them to be able to execute the binary but not be able to inspect its contents in any way - reading the file, attaching a debugger, etc.
From trial and error, it seems as though, by giving "other" only execute permission, non-owners of the file are able to execute but not read or attach a debugger (including by attaching to it after it's running - it's actually ptrace that gives the error, so I'm convinced that it's not just gdb failing to read the associated binary file). My question is: am I right about this? Is giving students only execute permissions actually sufficient? To be concrete, they're asked to crack encryption, and the key is stored in the binary, so if they can inspect the binary in any capacity (including the process's memory), they'll be able to sidestep the challenge of the assignment.