
Re: Checking integrity of /sbin/init from within kernel



On Tuesday, October 1, 2002, at 12:22 PM, Torsten Valentin wrote:

>> boot from a ramdisk kernel, don't compile ata or scsi support
>> into the kernel. much simpler, no modification needed.
>
> I cannot leave out scsi support, because (besides other reasons) I need
> physical access to a hd for writing logs. I could use a ramdisk-kernel
> though. Does that help? Does that make sure that init is guaranteed
> unmodified? Isn't there a possibility to separate the contents of a
> ramdisk kernel from the kernel itself, alter files and reassemble it?

Yes, very well possible. If you want an unmodifiable boot medium, use a
CD. Together with physical access protection it would buy you something.

> This thread is drifting away from my initial request.

Probably because your scheme isn't very interesting. TrojanProof looks 
much better. What's more: they know the limitations of their method.

> I hope I could make clear to all participants of this thread, that my
> concept is not breakable "just so" between a coffee and a cake.
>
> Now that I hope you agree with me that my concept improves security of a
> machine significantly, I'd like to ask my initial question again:

Not significantly. Just a hurdle. Never underestimate the skills of
your opponent.

> How many hours would a skilled programmer
> have to spend on this?

The benefits would not justify the hours. Mainly because the benefits 
are so small. If you want to spend money, better send it to TrojanProof 
:-)

> Besides: To those, telling me, that I have to ensure physical security
> first: Are you the kind of guys that leave the car unlocked in their
> garage, just because the garage itself is locked? Physical security is
> very important, but if I can do more, why shouldn't I?
>

My car already has a lock. It may not be a very good lock, but it is
there. So I use it. But I realize that it doesn't stop a professional
car thief.

Otto