Re: [linux-security] Malicious Linux modules (fwd)

Chel van Gennip (linux@vangennip.nl)
Sun, 12 Oct 1997 23:35:21 +0000 (WET)


"Adam D. Bradley" <artdodge@cs.bu.edu> wrote:
>.....
>> "provability". To improve security these checks on signature could be
>> done at regular intervals.
>
>Just remember, it suffers the same weakness as everything else - rpm
>can be hacked up as easily as anything else. Olaf is right, once
>you've been compromised, booting and comparison against read-only
>media is really your only "provable" way of finding out what got hit.
>
>> A medium without modification possibilities (like ROM or CD-Rom)
>> or a trusted server should be used to store the signatures or a master
>> signature over the files containing the signatures.
>
>...and the rpm binary...and the kernel...and an initrd...and... ;-)

Just to increase the paranoia, the bios and cmos can be changed too. In
general physical access ad root privileges can corrupt your system. If you
can not avoid these, your system will nevere be secure.
So you will have to avoid these two.
If security is an issue, it is good to check your system from time to time.
For this RPM can be a tool.

Chel