[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Tripwire in bin-directory?

On Wed, 24 May 2000, Thomas Guettler wrote:

> Isn't it a security risk, that there
> is a shellscript in bin that executes /usr/lib/tripwire.
> If someone breaks into my system, he/she could
> change the file in bin to something that always
> reports that nothing was changed!

If someone breaks into your system, he/she could change /usr/lib/tripwire
itself... isn't this just as much of a problem, except in the unlikely
event that /usr/lib is hardware write-protected while /bin is not.

Zak Kipling, Girton College, Cambridge, England.

"As long as the superstition that people should obey unjust laws exists,
so long will slavery exist." -- M. K. Gandhi

Reply to: