Re: Debian audititing tool?
On Fri, Dec 22, 2000 at 11:05:32PM -0900, Ethan Benson wrote:
> On Fri, Dec 22, 2000 at 05:54:55PM -0400, Peter Cordes wrote:
> >
> > That's why you run the checker from a known-good floppy or CD. The bogus
> > kernel can't protect itself if it isn't running :)
>
> don't be so sure, is the BIOS or firmware on your computer flashable?
> if so an attacker could replace the firmware/BIOS itself to ensure
> later trojans are installed.
Oh crap, I didn't think of that! It would be a really hard attack if you
didn't know what kernel was going to get loaded, but in theory there's no
way around it, short of burning non-flashable ROMs! (Well, you could take
the drive out of the computer and test it in another computer.)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@llama.nslug. , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
Reply to: