Re: Thanks / was: RE: Checking integrity of /sbin/init from within kernel

[Ben Goren <ben@trumpetpower.com>]

On Tue, Oct 01, 2002 at 04:54:09PM +0200, Torsten Valentin wrote:

> I stressed already that I'm  no skilled kernel programmer, so it
> might be that I'm a blind man  talking about color, but I know a
> few methods  I could be  doing this with different  (non kernel)
> code in different languages.
>
> Nobody disagreed when I said  that my method would probably stop
> 99% of all  attackers, everybody insisted on that  this is still
> possible to hack  my method, which I  never denied. But stopping
> 99 % of all attackers  is SIGNIFICANT increase of security. Even
> 40% were  significant increase,  because there's  no alternative
> for my method.

My '68 VW Camper is too  slow. Now, I'm no great mechanic, but I'm
sure that a couple of JATO  boosters would make it faster than 99%
of other cars on  the road. So, who can tell me  the best place to
bolt on the rockets?

Hello? Anybody? Is this thing on?

Without physical security,  you have no security  at all. We don't
care that  your kid sister  wouldn't be  able to hack  it. If it's
known that any  one person can hack it, it's  broken and not worth
our time.

You're   better   off   spending  your   time   designing   secure
hardware. Make it a bank vault and have something in there that'll
fry the components if the integrity of the case is broken. Or hire
a Marine to stand guard over it.

If you continue with your  method, know that countless others have
been burned by using such  techniques. Just ask any game developer
from the 80s. Ask  the developers of the  DVD. Ask...aw, heck, why
do I bother? You're not going to listen to me, either.

Cheers,

b&

--
Ben Goren
 mailto:ben@trumpetpower.com
 http://www.trumpetpower.com/
 icbm:33o25'37"N_111o57'32"W

[demime 0.98d removed an attachment of type application/pgp-signature]