Subject: Re: verified executable kernel modification committed
To: matthew green <firstname.lastname@example.org>
From: Andrew Brown <email@example.com>
Date: 10/29/2002 10:04:42
> Q: So, how do you stop the list being updated later?
> A: by using securelevel - the fingerprints can only be loaded at
> securelevel == 0. The full effect of the verified exec is in
> effect at securelevel > 2 (i.e. 3 onwards), at this point warnings
> about invalid/missing fingerprints become fatal errors, before this
> they were merely warnings.
>i assume that is "securelevel <= 0" ?
prolly, but the "securelevel > 2" bit gives me pause. why not just
"securelevel > 1"?
> Q: Doesn't chflags(1) do all this already?
> A: Not really. It can be used to do some of the work but there are
> some things it cannot do like prevent a file from being executed
> nor can it give any confidence that what you are executing has not
> been tampered with.
>how does it not give you confidence it has not been tampered with?
because now tampering with the underlying filesytem is evident,
whereas chflags doesn't protect you against that?
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."