
Re: Checking integrity of /sbin/init from within kernel



> > Now that I hope you agree with me that my concept improves security of a
> > machine significantly, I'd like to ask my initial question again:
> 
> Not really. If someone gets to the point of being able to replace/modify
> the kernel or /sbin/init, you have bigger problems elsewhere.

You're pointing at physical security again, right? You're right about
that, of course. But what if? I still think it makes sense to think
further and do something against it if possible. And it seems it's not
that difficult if someone just did it.

It's the same question as: 
Why do the manufacturers of airplanes have 3 different computer systems
controlling an airplane? I mean if it is possible that a computer that
controls an airplane crashes, they "have bigger problem elsewhere". So
why would one want to take a second computer with a different hardware
and different software that's responsible for the same task the first
computer is supposed to handle?

The answer is "additional security". 
And another answer is: Why shouldn't I if the probability that the first
computer crashes (or someone gets physical access to my machine) is >0 ?

> As an analogy, consider the security situation with "smart cards" and
> their use. The security in all such systems basically relies on just one
> thing -- it should be difficult to retrieve the private key(s) from the
> card. 

Good analogy. I regard the whole machine I'm working on as one smartcard
and I'm trying to make the process of getting the key as difficult as
possible.

> Not that difficult, I imagine. Haven't really thought about it.
> > How difficult would it be to implement code that would do a md5-sum?

> How many hours would a skilled programmer have to spend on this?
> Pretty easy, I think, so not that many.

OK, where do I find someone who's willing to do this? :-)

T.