Subject: Re: verified executable kernel modification committed
To: Brett Lymn <email@example.com>
From: Perry E. Metzger <firstname.lastname@example.org>
Date: 11/04/2002 10:33:49

Brett Lymn <email@example.com> writes:
> On Sun, Nov 03, 2002 at 11:34:31PM -0500, Perry E. Metzger wrote:
> > You can overwrite the key used for checking the signature.
> In the kernel? Now we are back to that.

/netbsd is just a file on your disk. Write it, force a crash, we're
back to square one. In the end, your security is totally dependent on
chflags working *anyway*, which is what we've said from the start.

> > Read only media? Sure, but once you have read only media, you have to
> > put everything in the trust path onto that media, including the
> > kernel, programs for loading the hashes, etc. At which point, of
> > course, you wonder why you didn't just use read only media for the
> > whole task....
> You can do that... I have done that in the past. Then you don't need
> immutable flags because you have made the system immutable. Mind you,
> you need some writable storage somewhere so you would need to be
> careful that that is not mounted allowing exec or you open yourself to
> having binaries run from there.

Perry E. Metzger firstname.lastname@example.org
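
The caveat in the quoted text above, that writable storage must not be mounted allowing exec, can be checked mechanically. The following is an added example, not part of the original message: it assumes `mount` output in the NetBSD-style form `device on mountpoint type fstype (options)`, and the sample lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list mount points that are writable AND allow exec.
# Assumption: input lines look like
#   device on mountpoint type fstype (opt1, opt2, ...)

# Constructed sample input (not taken from a real host).
sample_mounts() {
cat <<'EOF'
/dev/cd0a on / type cd9660 (read-only, local)
/dev/wd0e on /var type ffs (local, noexec, nosuid)
/dev/wd0f on /tmp type ffs (local)
mfs:123 on /scratch type mfs (asynchronous, local, nosuid)
EOF
}

# Reads mount output on stdin; prints one offending mount point per line.
writable_exec_mounts() {
    while IFS= read -r line; do
        # Skip anything that does not match the expected shape.
        case $line in
            *" on "*" type "*"("*")") ;;
            *) continue ;;
        esac
        # Option list: text between the last "(" and the final ")".
        opts=${line##*"("}
        opts=${opts%")"}
        # Mount point: text between the first " on " and " type ".
        mp=${line#* on }
        mp=${mp%% type *}
        # Read-only or noexec filesystems satisfy the requirement.
        case ", $opts," in
            *", read-only,"*|*", noexec,"*) continue ;;
        esac
        printf '%s\n' "$mp"
    done
}
```

On a live system the check is `mount | writable_exec_mounts`; any mount point it prints is writable storage from which binaries could be run.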