Subject: Re: verified executable kernel modification committed
To: matthew green <mrg@eterna.com.au>
From: Brett Lymn <blymn@baesystems.com.au>
List: tech-security
Date: 10/30/2002 11:23:41
On Wed, Oct 30, 2002 at 01:49:22AM +1100, matthew green wrote:
>    
> i assume that is "securelevel <= 0" ?
>    

Yes, my bad.

> 
> how does it not give you confidence it has not been tampered with?
> 

I am not clear on whether or not you could just move the binary to one
side and place another one in its place.  Even if this is not
possible, maintaining the correct flags on all files and directories
is a real bear.  Also, using chflags does not preclude someone pulling
the "adjust the PATH to include a trojan in root's path" trick and
leveraging a privilege elevation when root logs in.  This actually did
happen to a public project in the past.

-- 
Brett Lymn