[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Guaranteeing running code is signed



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/10/2009 09:31 PM, Krzysztof Halasa wrote:
> Björn Persson <bjorn rombobjörn se> writes:
> 
>> It's impossible to verify the security of a computer system from within the 
>> system itself. If a malicious person may have had root access, then RPM, GPG, 
>> SElinux and the auditing subsystem may all have been tampered with and you 
>> can't trust that they tell you the truth. Reinstalling is the only way to be 
>> sure.
> 
> Sure? Someone may have planted something in a motherboard flash ROM
> (easy), in VGA flash, in CD/DVD flash, in HDD flash and/or "service"
> sectors etc.
> 
> You can't be 100% sure that a brand-new hardware is clean.

Shift this register/logic enough in one direction, and it's going to
overflow into "just trust everything"...

- -- 
      Basil Mohamed Gohar
abu_hurayrah hidayahonline org
http://www.basilgohar.com/blog
basilgohar on irc.freenode.net
GPG Key Fingerprint:  5AF4B362
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkoG/2gACgkQaVgOCFr0s2I8gwCeJQ+hVW4WSkz4XIMvKoawe10v
zl8AniQBX7AQKRreCQtLABATQe24s/OD
=oG9E
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]