Subject: Re: Volunteers to test some kernel code...
To: Brett Lymn <>
From: Perry E. Metzger <>
List: tech-kern
Date: 06/21/1999 14:07:58 (Brett Lymn) writes:
> > If the answer is immutable files then what's the benefit of
> >the dynamic tripwire?
> >
> Only that it stops the execution of any unsigned binary.  There is
> nothing to stop a person, given the correct permissions, running any
> binary they want - even one they have downloaded into, say, /tmp.  By
> using signing you can have a mechanism that can detect such a binary
> and not run it.

I've been thinking about this, and I'm far from sure this whole scheme 
is going to provide any real security. It may add a lot of complexity, 
but in the end, I'm far from sure its a win.