[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Thanks / was: RE: Checking integrity of /sbin/init from within kernel

To: "'Otto Moerbeek'" <otto@drijf.net>
Subject: Thanks / was: RE: Checking integrity of /sbin/init from within kernel
From: "Torsten Valentin" <winsock2@musiker.de>
Date: Tue, 1 Oct 2002 15:03:51 +0200
Cc: <misc@openbsd.org>

I am willing to end this thread because I see that the positions have
been made clear. 

Thanks for letting me know your thoughts about this.

> But you rely on a clever, unknown scheme to hide a secret key. 

I could imagine a lot of methods for generating a kernel that is not
trivial to disassemble from a binary though fully disclosed in
source-code (the key is randomness), but I agree that this off course is
breakable at the end, if the attacker has just enough skills and time.

> Well I
> think it is well know that that is a big mistake. I just have to trust
> you that you did a good job. And even if I do think that your method
is
> really clever, I can use a debugger or a logic analyzer to find the
key
> or capture the data being written to the ram disk.

All in all I agree (and always have), that it is possible to hack into
this by disassembling the kernel-binary or various different methods.
But as I said, this is meant to be ADDITIONAL SECURITY, not the only
type of security I'd rely upon. 

What I don't understand is the negative position of most of the
participants in this thread against this non-perfect but in my opinion
well working and measurable security enhancement. I have the impression
that most of you guys are not interested in any form of security
enhancement which is obviously not perfect but measurable better than
what is existing at the moment. Like I said: You seem to be wanting it
the "all or nothing" way, and because  we cannot have "all" (the perfect
non breakable solution) you take the "nothing". 

Though I'm glad this thread happened and I got your opinions, I still
have a different opinion on this. A non-perfect solution seems better to
me than no solution.

Maybe I am more into the philosophy that the Linux-people have. I
believe they are not so polarized in their opinions.

And I still am sure that my concept would keep out 99% of the usual
attackers that might be trying to get into this and this makes me
believe it's a good thing.

At the moment there is no solution for this problem and you guys keep
telling me that my concept has weaknesses. I know that, but even with
these weaknesses, my concept is a lot better than all there is at the
moment, because there's just no solution for this problem at the moment.

I'll keep on searching for a programmer that's interested in this
concept. :-)

Also thanks for the hints to microbsd and trojanproof but these do not
solve my problem (but are interesting projects I'll have an eye upon in
the future).

Regards,
T.

References:
- Re: Checking integrity of /sbin/init from within kernel
  - From: Otto Moerbeek <otto@drijf.net>

Prev by Date: Re: Ktracing chrooted Apache: file errors
Next by Date: WXP-formatted msdos Floppies
Prev by thread: Re: Checking integrity of /sbin/init from within kernel
Next by thread: Re: Checking integrity of /sbin/init from within kernel
Index(es):
- Date
- Thread