Re: Integrity checking NANOBSD images

看板FB_security作者時間19年前 (2006/07/12 04:49), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串8/15 (看更多)
--- Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > Arming a trojan to just do 'sleep 145 ; echo "sha256 = 0248482..."' > when you thing you're running sha256 would be trivia. > But what if the trojan copies its files to the RAM disc and waits for this sha256 binary showing up? And then, when it is there, it removes its changes on the hard disc (those changes certainly must be in unused (formerly zeroed) areas of the hard disc or in the (zeroed) end of certain shell scripts... Or do I miss something? Wasn't is usual some years ago to switch the boot disc hardware to "read only" mode? I dont know how to do that, but my source seemed to be trustworthy (although I never saw him - I just heard his voice...)... ;-)) A switch like on those 1.44'' floppy discs would be good... But then software/OS updates would require physical access to the box... -Arne __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 arne_woerne. 的文章
文章代碼(AID): #14j0xL00 (FB_security)
討論串 (同標題文章)
完整討論串 (本文為第 8 之 15 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共15篇)
更多 arne_woerne. 的文章
文章代碼(AID): #14j0xL00 (FB_security)