Subject: Re: verified executable kernel modification committed
To: Gavan Fantom <email@example.com>
From: Seth Kurtzberg <firstname.lastname@example.org>
Date: 11/03/2002 13:06:49
I've thought of using a CD, but there is an obvious performance issue.
Also, you would end up with cached copies on a conventional disk.
On Sun, 2002-11-03 at 12:50, Gavan Fantom wrote:
> On 3 Nov 2002, Seth Kurtzberg wrote:
> > That's a good point. There are some situations, though, where this is
> > undesirable. Drives are inexpensive, but the cost is not zero.
> I'm not sure such a device would have a large enough market to bring the
> cost below an inexpensive drive though.
> > More significantly, two drives consume significantly more power than one.
> That's a much better reason. I can't profess to knowing how much overlap
> there is between power-critical and security-critical applications out
> > You might argue that it takes a somewhat more sophisticated person to
> > defeat the system (because you could check for the device in software
> > and because any monkey can replace a cable), but it may be true that
> > anyone who cares enough to open the box is probably capable of defeating
> > it.
> Snip off the write pin on the drive. It's much harder to solder a new pin
> on than to just replace an IDE cable.
> Of course, then it's also much harder to upgrade the OS.
> CDROM springs to mind here. Sure, you may be able to replace the CDROM
> with another disc, but people would start noticing when the whole set of
> system binaries and configurations went missing.
> Gillette - the best a man can forget
M. I. S. Corp
Pager 888-605-9296, or email@example.com