Subject: Re: Volunteers to test some kernel code...
To: Brett Lymn <blymn@baea.com.au>
From: Perry E. Metzger <perry@piermont.com>
List: tech-kern
Date: 06/21/1999 14:07:58
blymn@baea.com.au (Brett Lymn) writes:
> > If the answer is immutable files then what's the benefit of
> >the dynamic tripwire?
> >
>
> Only that it stops the execution of any unsigned binary. There is
> nothing to stop a person, given the correct permissions, running any
> binary they want - even one they have downloaded into, say, /tmp. By
> using signing you can have a mechanism that can detect such a binary
> and not run it.
I've been thinking about this, and I'm far from sure this whole scheme
is going to provide any real security. It may add a lot of complexity,
but in the end, I'm far from sure its a win.
Perry