Subject: Re: verified executable kernel modification committed
To: None <tech-security@netbsd.org, current-users@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: current-users
Date: 10/29/2002 22:19:55
[ On Wednesday, October 30, 2002 at 11:36:26 (+1030), Brett Lymn wrote: ]
> Subject: Re: verified executable kernel modification committed
>
> On Wed, Oct 30, 2002 at 02:12:22AM +1100, matthew green wrote:
> >
> > i don't see how veriexec makes this
> > inherently more secure. it probably has some nicer benefits over
> > chflags, but nothing that should increase/decrease real security.
>
> As I said, it gives a verification that what you think you are running
> is what you are running, it is about ensuring the integrity of the
> trusted computing base. Chflags can prevent files being modified but
> it cannot tell you if it was tampered with as some stage before the
> flags were applied.
Assuming the integrity of the files is verified immediately after
setting chflags, then verifying their integrity over and over again on
every exec really doesn't increase the real security of the system at
all (all other things being equal).
So, in many case it would seem "smarter" to do the install, set chflags
to make the files immutable, and then just verify the integrity of the
files once, all while still in in single user mode, and be done with it.
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>