[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Checking integrity of /sbin/init from within kernel

To: <misc@openbsd.org>
Subject: Re: Checking integrity of /sbin/init from within kernel
From: Otto Moerbeek <otto@drijf.net>
Date: Tue, 1 Oct 2002 10:31:33 +0200

On Tuesday, October 1, 2002, at 10:17 AM, Torsten Valentin wrote:

> The reason for my question is the following:
>
> I want to assure that /sbin/init has not been changed for security
> reasons. If the integrity check fails, the kernel should stop and not
> start /sbin/init after bootup.
>
> I am working on a project where security is a very high priority and it
> is imaginable that unprivileged people may lay hand on the filesystem
> (by taking the hd, mounting it into another system and putting their
> backdoors or whatever into the system). My /sbin/init makes integrity
> checks of the used programs, but /sbin/init cannot yet be checked for
> integrity itself.

I guess it is possible, but useless. If you do not physically protect 
your hard disk, so I can take it out and change, what would stop me 
from changing the kernel too? I think your suggestion does not improve 
security. Maybe it would catch a broken hard disk, but nothing more.

Otto

References:
- Checking integrity of /sbin/init from within kernel
  - From: "Torsten Valentin" <winsock2@musiker.de>

Prev by Date: Checking integrity of /sbin/init from within kernel
Next by Date: Re: Checking integrity of /sbin/init from within kernel
Prev by thread: Checking integrity of /sbin/init from within kernel
Next by thread: Re: Checking integrity of /sbin/init from within kernel
Index(es):
- Date
- Thread