Re: Checking integrity of /sbin/init from within kernel
Yes, but you don't need to boot from a disk to access its contents.
As per your scenario, I can take out a disk and stick the disk in
another PC with another HDD, boot from the other HDD, and read all
data from the first disk.
Torsten Valentin wrote:
>>I guess it is possible, but useless. If you do not physically protect
>>your hard disk, so I can take it out and change, what would stop me
>>from changing the kernel too? I think your suggestion does not improve
>>security. Maybe it would catch a broken hard disk, but nothing more.
>>
>>
>
>Sorry, but I have a different opinion on that.
>
>For my purposes and in my scenario it will improve security. My method
>is to give the kernel a new variable with a signature in it that I have
>created before compiling my /sbin/init. Then I make my /sbin/init so
>that it checks for the signature in the kernel (similar to `sysctl
>kern.mysignature`). If the signature is correct, we are running "my"
>kernel. /sbin/init will continue. If not, it will die and halt the
>kernel. So the kernel checks if /sbin/init is correct and /sbin/init
>checks if we have the correct kernel.
>
>You could say that it could be easy to create a kernel with my signature
>in it, but it isn't. You cannot read the signature from the kernel,
>because therefore you'd have to change /sbin/init and if you do that my
>kernel won't boot. Understood?
>
>I think it's a huge improvement in security!
>
>So back to my questions: How hard is this to achieve and whom can I ask
>to do it? Does anyone know of anybody who is interested in that kind of
>kernel hacking that he'd want to do the code for this?
>
>T.
>
>
>
>>Otto