Re: Tripwire in bin-directory?

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: Tripwire in bin-directory?
From: Michael Meskes <meskes@debian.org>
Date: Wed, 24 May 2000 16:28:55 +0200
Message-id: <[🔎] 20000524162855.A1432@fam-meskes.de>
Mail-followup-to: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
In-reply-to: <[🔎] Pine.LNX.4.21.0005241334550.599-100000@zk201.girton.cam.ac.uk>; from zk201@cam.ac.uk on Wed, May 24, 2000 at 01:40:11PM +0100
References: <[🔎] 392BCBD4.D3F46BC7@interface-business.de> <[🔎] Pine.LNX.4.21.0005241334550.599-100000@zk201.girton.cam.ac.uk>

On Wed, May 24, 2000 at 01:40:11PM +0100, Zak Kipling wrote:
> If someone breaks into your system, he/she could change /usr/lib/tripwire
> itself... isn't this just as much of a problem, except in the unlikely
> event that /usr/lib is hardware write-protected while /bin is not.

Well, that was the intent. The database should be stored on a read only
location. Note, however, that this is by no means completely secure since an
intruder could simply umount /usr/lib/tripwire and create the files in this
dir anew.

It is, however, a solution for some remote changes. If an intruder gets a
root account he/she can do whatever he/she wants to your machine.

Michael
-- 
Michael Meskes
Michael@Fam-Meskes.De
Go SF 49ers! Go Rhein Fire!
Use Debian GNU/Linux! Use PostgreSQL!

Reply to:

References:
- Tripwire in bin-directory?
  - From: Thomas Guettler <guettli@interface-business.de>
- Re: Tripwire in bin-directory?
  - From: Zak Kipling <zk201@cam.ac.uk>

Prev by Date: Re: Tripwire in bin-directory?
Next by Date: Re: Tripwire in bin-directory?
Previous by thread: Re: Tripwire in bin-directory?
Next by thread: XF86 server denial of service
Index(es):
- Date
- Thread