Re: Tripwire in bin-directory?

To: Thomas Guettler <guettli@interface-business.de>
Cc: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: Tripwire in bin-directory?
From: Zak Kipling <zk201@cam.ac.uk>
Date: Wed, 24 May 2000 13:40:11 +0100 (BST)
Message-id: <[🔎] Pine.LNX.4.21.0005241334550.599-100000@zk201.girton.cam.ac.uk>
In-reply-to: <[🔎] 392BCBD4.D3F46BC7@interface-business.de>

On Wed, 24 May 2000, Thomas Guettler wrote:

> Isn't it a security risk, that there
> is a shellscript in bin that executes /usr/lib/tripwire.
> If someone breaks into my system, he/she could
> change the file in bin to something that always
> reports that nothing was changed!

If someone breaks into your system, he/she could change /usr/lib/tripwire
itself... isn't this just as much of a problem, except in the unlikely
event that /usr/lib is hardware write-protected while /bin is not.

-- 
Zak Kipling, Girton College, Cambridge, England.

"As long as the superstition that people should obey unjust laws exists,
so long will slavery exist." -- M. K. Gandhi

Reply to:

Follow-Ups:
- Re: Tripwire in bin-directory?
  - From: Thomas Guettler <guettli@interface-business.de>
- Re: Tripwire in bin-directory?
  - From: <ago@hollo.idg.hu>
- Re: Tripwire in bin-directory?
  - From: Michael Meskes <meskes@debian.org>

References:
- Tripwire in bin-directory?
  - From: Thomas Guettler <guettli@interface-business.de>

Prev by Date: Tripwire in bin-directory?
Next by Date: Re: Tripwire in bin-directory?
Previous by thread: Tripwire in bin-directory?
Next by thread: Re: Tripwire in bin-directory?
Index(es):
- Date
- Thread