tech-security: re: verified executable kernel modification committed

Subject: re: verified executable kernel modification committed
To: Brett Lymn <blymn@baesystems.com.au>
From: matthew green <mrg@eterna.com.au>
List: tech-security
Date: 11/04/2002 14:03:36

   > So what?  All that complexity, and you get... the same guarantee, with all
   > the same caveats, that you already had with file flags.
   
   Actually you get the fact that eventually you will get notified the
   file has been overwritten, with file flags you will never know.


will i?  if i can overwrite the file, i can overwrite the file that has
the fingerprints on it.  as you probably won't reverify the binary until
next reboot.... boom.  same flaw - again.



.mrg.