On Wed, Sep 08, 2010 at 01:24:19PM -0700, Shawn Walker wrote:
> On 09/ 8/10 01:14 PM, Bart Smaalders wrote:
> >As per usual, if a system is thought to be compromised by a
> >malicious attacker, no part of the system can be used to
> >verify its own integrity.
> >
> >Right now we use the data on the system; we need to work on increasing
> >the ease of re-verifying all installed package manifests from an
> >alternate BE; this would be a good RFE.
>
> Wouldn't booting to an alternate BE and using -R be sufficient?
> (Keeping in mind that we now have package signing.)
The attacker could have mounted and modified the alternate BE as easily
as they did the primary BE. You'll want to boot from CD/DVD/net to verify
suspect BEs. (Avoiding the need to boot from media is in large part what
Validated Execution is about.)

Nico
--
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
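The check the thread is discussing, as an added example that is not from the thread and not IPS's own code: a toy stand-in for "pkg verify -R <altroot>" that walks an alternate root (the way -R does) and compares each file against a manifest of expected digests that is kept outside the root being checked. The manifest format, the sample files and the tampering step are all constructed here; the only assumptions are a POSIX sh and sha256sum (or shasum) being available.

```shell
#!/bin/sh
# Added example, not code from the thread or from IPS: a toy stand-in for
# "pkg verify -R <altroot>" that checks files under an alternate root
# against a manifest of expected SHA-256 digests kept OUTSIDE that root.
# Assumptions: a POSIX sh, and sha256sum (coreutils) or shasum in PATH.

# Digest one file. On a real media boot this tool, like everything else
# doing the checking, must come from the boot media, not from the suspect BE.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_root ROOT MANIFEST
# Manifest lines are "<sha256> <path relative to ROOT>" (constructed format).
# Prints MISSING/MODIFIED lines; returns 0 only if every file matches.
verify_root() {
    root=$1
    manifest=$2
    rc=0
    while read -r expected rel; do
        [ -n "$rel" ] || continue
        f="$root/$rel"
        if [ ! -f "$f" ]; then
            echo "MISSING  $rel"
            rc=1
        elif [ "$(hash_file "$f")" != "$expected" ]; then
            echo "MODIFIED $rel"
            rc=1
        fi
    done < "$manifest"
    return $rc
}

# make_demo DIR: build a fake BE under DIR/alt and record its manifest
# under DIR/trusted (constructed sample data, standing in for a signed
# package manifest obtained from the repository rather than from the BE).
make_demo() {
    base=$1
    mkdir -p "$base/alt/usr/bin" "$base/alt/etc" "$base/trusted"
    printf '#!/bin/sh\necho pkg\n' > "$base/alt/usr/bin/pkg"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$base/alt/etc/passwd"
    : > "$base/trusted/manifest"
    for rel in usr/bin/pkg etc/passwd; do
        printf '%s %s\n' "$(hash_file "$base/alt/$rel")" "$rel" \
            >> "$base/trusted/manifest"
    done
}

# tamper DIR: what an attacker with write access to the alternate BE does.
tamper() {
    printf '#!/bin/sh\necho pkg; cat /etc/shadow\n' > "$1/alt/usr/bin/pkg"
    rm -f "$1/alt/etc/passwd"
}

# demo: verification passes on the pristine BE and fails after tampering.
demo() {
    d=$(mktemp -d)
    make_demo "$d"
    if verify_root "$d/alt" "$d/trusted/manifest"; then
        echo "pristine BE: OK"
    fi
    tamper "$d"
    if ! verify_root "$d/alt" "$d/trusted/manifest"; then
        echo "tampered BE: verification failed as expected"
    fi
    rm -rf "$d"
}

demo
```

Two things in this toy carry the thread's point: the manifest lives in a directory the suspect root cannot write to, and hash_file is invoked from whatever PATH the verifying environment supplies. If that environment is the alternate BE itself, an attacker who could edit the BE could equally have replaced the digest tool or the manifest, which is why the reply says to boot from media (or rely on Validated Execution) before trusting the result.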
