tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Proposal: Remove MD5 / SHA1 support from veriexec
On Tue, 22 Aug 2017 15:35:57 +0930
Brett Lymn <brett.lymn%baesystems.com@localhost> wrote:
[...]
> You don't have to up the strict level on veriexec, that way it won't
> block execs but, yes, it would not be good if you cannot boot a new
> kernel.
>
One could still boot single user mode where veriexec happens not to
be in effect, remount / rw, alter the hashes and be done with it.
Not that I'm saying that this is necessarily a good thing, but it's
possible.
Matthias
Home |
Main Index |
Thread Index |
Old Index