[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Guaranteeing running code is signed



Björn Persson <bjorn rombobjörn se> writes:

> It's impossible to verify the security of a computer system from within the 
> system itself. If a malicious person may have had root access, then RPM, GPG, 
> SElinux and the auditing subsystem may all have been tampered with and you 
> can't trust that they tell you the truth. Reinstalling is the only way to be 
> sure.

Sure? Someone may have planted something in a motherboard flash ROM
(easy), in VGA flash, in CD/DVD flash, in HDD flash and/or "service"
sectors etc.

You can't be 100% sure that a brand-new hardware is clean.
-- 
Krzysztof Halasa


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]