
Re: security idea - bootable CD to check your system



Jim Popovitch <yahoo@jimpop.com> writes:
> On Sun, 2007-06-24 at 16:50 +0100, andy baxter wrote:

>> The difference is that:

>> a) These all run on the live system they are trying to protect, 

> Unless you configure them to only write to an offline mount point that
> is normally ro and only rw through external effort.... which is in
> Tripwire's best practices.

That doesn't necessarily help.  It makes the attacker's task much more
difficult, but it's still possible to binary-patch a running kernel in
various ways to hide files from everything on the system, including
tripwire.

You have to boot into a known-clean kernel in order to get a fully
trustable integrity check.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
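
The check described in the message above can be run as a cross-view comparison. This is an added example, not code from the thread or from Tripwire. It assumes a hash manifest was recorded on the running system and the same disk is then mounted read-only under a known-clean kernel. The function names and sample files are hypothetical.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(path, root)] = digest.hexdigest()
    return manifest


def cross_view(live, offline):
    """Compare what the running system reported with what the clean kernel sees."""
    return {
        # On disk, but the live system never listed it: hidden from the live view.
        "hidden": sorted(set(offline) - set(live)),
        # Listed live, but not on disk when viewed offline.
        "live_only": sorted(set(live) - set(offline)),
        # Same path, different bytes depending on which kernel reads it.
        "differs": sorted(p for p in set(live) & set(offline) if live[p] != offline[p]),
    }


def demo():
    """Constructed sample: a temp tree stands in for the read-only mounted disk."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for rel, data in (("bin/ls", b"ls-on-disk"), ("bin/.hid", b"extra")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        offline = build_manifest(root)
    # Constructed live-system manifest: one file missing, one with other content.
    live = {os.path.join("bin", "ls"): hashlib.sha256(b"ls-original").hexdigest()}
    return cross_view(live, offline)


if __name__ == "__main__":
    print(demo())
```

Legitimate writes made between the two snapshots show up in the same lists, so the live manifest should be taken immediately before rebooting into the clean kernel.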


