Ethan Blanton wrote:
Monotone *cannot* have anything but recovery. If the attacker has
write access to your database on the filesystem (which is necessary
for thsi attack), he/she can just fire up 'sqlite' and remove as many
records as desired. It doesn't matter what monotone wrote or
annotated, in that case.
In general, yes, audit trails are great -- but make sure your
prevention and detection match the threat model you're supposing.
See my last email. There are standard ways to avoid modification of the
database file through anything but 'mtn'.
Daniel.
_______________________________________________
Monotone-devel mailing list
Monotone-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/monotone-devel
