On Fri, Feb 09, 2001 at 07:15:06PM +1100, Brian May wrote:
> >>>>> "Matt" == Matt Zimmerman <mdz@debian.org> writes:
>
>     Matt> If the system has been compromised, you can't even trust
>     Matt> executables on secure media, as you can't be sure that
>     Matt> you're actually executing what you think you're executing.
>
> Good point.
>
> So it seems the only secure method is to create a bootable CD-ROM with
> tripwire and {public,private} key files installed, and boot from the
> CD-ROM to conduct the check if you are paranoid enough to want to do
> this. Otherwise, normal checks just use the files from the read-only
> media.
>

Yes.

>
> Somebody else had an interesting point of integrating this somehow
> into the package management system. I think this is interesting as
> packages could come supplied with their own policy information and/or
> database entries. Ideally this should be done so:
>

Yes also. You may want to read this flamefest on debian-security:

http://lists.debian.org/debian-security-0012/msg00149.html

And the proposal I wrote up afterwards:

http://lists.debian.org/debian-security-0012/msg00187.html

I'm still intending to do this, but haven't looked at it for a few weeks
now (organising my PhD thesis will be a major distraction at least until
the end of March). I have some incomplete Python code, but need to sit
down and work out how it's going to interact with the signature stuff
which John Goerzen and Ben Collins have been working on.

If this is ever going to turn into a polished end-user product, it'll
probably require a few people working on it, because the desirable
menu-based user interface for the bootable CD could be a little
complicated.

-- 
Peter Eckersley http://www.cs.mu.oz.au/~pde
(pde@cs.mu.oz.au) TLI: http://www.computerbank.org.au
<~~~~.sig temporarily conservative pending divine intervention~~~~>
GPG fingerprint: 30BF 6A78 2013 DCFA 5985 E255 9D31 4A9A 7574 65BC