Guaranteeing running code is signed

Basil Mohamed Gohar abu_hurayrah at hidayahonline.org
Sun May 10 16:23:08 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/10/2009 09:31 PM, Krzysztof Halasa wrote:
> Björn Persson <bjorn at rombobjörn.se> writes:
> 
>> It's impossible to verify the security of a computer system from within the 
>> system itself. If a malicious person may have had root access, then RPM, GPG, 
>> SELinux and the auditing subsystem may all have been tampered with and you 
>> can't trust that they tell you the truth. Reinstalling is the only way to be 
>> sure.
> 
> Sure? Someone may have planted something in a motherboard flash ROM
> (easy), in VGA flash, in CD/DVD flash, in HDD flash and/or "service"
> sectors etc.
> 
> You can't be 100% sure that brand-new hardware is clean.

Shift this register/logic enough in one direction, and it's going to
overflow into "just trust everything"...

- -- 
      Basil Mohamed Gohar
abu_hurayrah at hidayahonline.org
http://www.basilgohar.com/blog
basilgohar on irc.freenode.net
GPG Key Fingerprint:  5AF4B362
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkoG/2gACgkQaVgOCFr0s2I8gwCeJQ+hVW4WSkz4XIMvKoawe10v
zl8AniQBX7AQKRreCQtLABATQe24s/OD
=oG9E
-----END PGP SIGNATURE-----



