lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1179763764.4689.36.camel@dapcva>
Date: Mon, 21 May 2007 18:09:24 +0200
From: Vincent Archer <varcher@...yall.com>
To: Andrew Farmer <andfarm@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Linux big bang theory....

On Sun, 2007-05-13 at 23:07 -0700, Andrew Farmer wrote:
> This script really doesn't prove anything, though. All it shows is  
> that a compromised machine can be difficult to impossible to clean  
> properly - which has been known for a *long* time. Ken Thompson  
> discussed a much cleverer one in "Trusting Trust". It's also worth  
> noting that this is in no way specific to UNIX systems. It's simply  
> an unalterable fact that, once an attacker has had full access to the  
> machine, it's possible for them to make changes which will allow them  
> reentry at a later date.

I don't have (and I doubt anybody around here can) the proof to make
this a theorem, but it is a good postulate:

- It is impossible to prove the integrity of a computing system from
within the same system.

In olden days, this created the fundamental rules for systems like
Tripwire: place the signatures on non-alterable storage, run tripwire in
single user mode (ahh, the naive assumption that single user mode would
be safe enough).

Today, the preferred method of checking the integrity of a system
involves virtualisation of said system, and verification from the
hosting component of the hosted one. Or the hammer approach of erasing
the state of the system after use, and rolling it back to a "proven"
safe and stable one.

-- 
Vincent ARCHER
varcher@...yall.com

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 23, rue Notre Dame des Victoires - 75002 Paris - France

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ