Even with read only media, might you not be vulnerable to attacks on
cached copies of executables?  Perhaps this is so difficult as to not be
an issue?

On Sun, 2002-11-03 at 21:47, Brett Lymn wrote:
> On Sun, Nov 03, 2002 at 11:34:31PM -0500, Perry E. Metzger wrote:
> > 
> > You can overwrite the key used for checking the signature.
> > 
> 
> In the kernel?  Now we are back to that.
> 
> > 
> > Read only media? Sure, but once you have read only media, you have to
> > put everything in the trust path onto that media, including the
> > kernel, programs for loading the hashes, etc. At which point, of
> > course, you wonder why you didn't just use read only media for the
> > whole task....
> > 
> 
> You can do that... I have done that in the past.  Then you don't need
> immutable flags because you have made the system immutable.  Mind you,
> you need some writable storage somewhere so you would need to be
> careful that that is not mounted allowing exec or you open yourself to
> having binaries run from there.
> 
> -- 
> Brett Lymn
-- 
Seth Kurtzberg
M. I. S. Corp
480-661-1849
Pager 888-605-9296, or 6059296@skytel.com