Re: Proposal: Remove MD5 / SHA1 support from veriexec

To: <tech-security%netbsd.org@localhost>
Subject: Re: Proposal: Remove MD5 / SHA1 support from veriexec
From: Matthias Weckbecker <matthias%weckbecker.name@localhost>
Date: Sat, 26 Aug 2017 21:30:01 +0200

On Tue, 22 Aug 2017 15:35:57 +0930
Brett Lymn <brett.lymn%baesystems.com@localhost> wrote:

[...]
> You don't have to up the strict level on veriexec, that way it won't
> block execs but, yes, it would not be good if you cannot boot a new
> kernel.
> 

One could still boot single user mode where veriexec happens not to
be in effect, remount / rw, alter the hashes and be done with it.

Not that I'm saying that this is necessarily a good thing, but it's
possible.

Matthias

Follow-Ups:
- Re: Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Sevan Janiyan

References:
- Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Sevan Janiyan
- Re: Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Martin Husemann
- Re: Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Brett Lymn

Prev by Date: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Next by Date: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Previous by Thread: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Next by Thread: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Indexes:

Home | Main Index | Thread Index | Old Index