On Sun, Nov 03, 2002 at 11:34:31PM -0500, Perry E. Metzger wrote:
> 
> You can overwrite the key used for checking the signature.
> 

In the kernel?  Now we are back to that.

> 
> Read only media? Sure, but once you have read only media, you have to
> put everything in the trust path onto that media, including the
> kernel, programs for loading the hashes, etc. At which point, of
> course, you wonder why you didn't just use read only media for the
> whole task....
> 

You can do that... I have done that in the past.  Then you don't need
immutable flags because you have made the system immutable.  Mind you,
you need some writable storage somewhere so you would need to be
careful that that is not mounted allowing exec or you open yourself to
having binaries run from there.

-- 
Brett Lymn