On 09/ 8/10 01:34 PM, Nicolas Williams wrote:
On Wed, Sep 08, 2010 at 01:24:19PM -0700, Shawn Walker wrote:
On 09/ 8/10 01:14 PM, Bart Smaalders wrote:
As per usual, if a system is thought to be compromised by a
malicious attacker, no part of the system can be used to
verify its own integrity.
Right now we use the data on the system; we need to work on increasing
the ease of re-verifying all installed package manifests from an
alternate BE; this would be a good RFE.
Wouldn't booting to an alternate BE and using -R be sufficient?
(Keeping in mind that we now have package signing.)
The attacker could have mounted and modified the alternate BE as easily
as they did the primary BE. You'll want to boot from CD/DVD/net to
verify suspect BEs.
(Avoiding the need to boot from media is in large part what Validated
Execution is about.)
The original request was about a way to connect remotely to verify the
system presumably using the installed system.
Yes, if you care about it that much, you'll have to use some form of a
"trusted" environment.
-Shawn
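The point of the thread is that the verifier, the manifests and the hashes it checks against must all come from outside the suspect image (boot media, a trusted network image), and that an alternate BE on the same pool does not qualify. In a real image the command run from the media-booted environment would be `pkg -R /mnt/suspect verify` against the mounted BE. The script below is an added example, not pkg(1) code and not from the original message: it checks the files under an alternate root against the `file` actions of a manifest that is carried in from the trusted environment, in the way `pkg -R <root> verify` does. The manifest format is a simplified, assumed subset of IPS actions (`file <sha1> path=... mode=... owner=... group=...`, with the hash taken over the uncompressed payload); the sample image root, its contents and the tampering are constructed in a temporary directory.

```python
"""Verify an installed image root against a package manifest supplied from a
trusted environment (boot media), never from the suspect image itself.

Added example; not pkg(1) code.  Assumed manifest subset:
    file <sha1-of-payload> path=<relative path> mode=... owner=... group=...
"""
import hashlib
import os
import shlex
import tempfile


def parse_file_actions(manifest_text):
    """Return [(relative_path, expected_sha1), ...] for every 'file' action."""
    actions = []
    for line in manifest_text.splitlines():
        line = line.strip()
        if not line.startswith("file "):
            continue  # dirs, links, depends etc. are not payload-checked here
        tokens = shlex.split(line)
        payload_hash = tokens[1]
        attrs = dict(tok.split("=", 1) for tok in tokens[2:] if "=" in tok)
        actions.append((attrs["path"], payload_hash))
    return actions


def sha1_of(path):
    """SHA-1 of a file's content, streamed so large libraries are fine."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_root(root, manifest_text):
    """Compare each file action against the file under `root` (the suspect BE
    mounted read-only from the trusted environment).  Returns a dict
    path -> 'ok' | 'modified' | 'missing'.  A path replaced by a symlink is
    reported as modified even if the link target has the right content."""
    results = {}
    for rel_path, expected in parse_file_actions(manifest_text):
        full = os.path.join(root, rel_path)
        if os.path.islink(full):
            results[rel_path] = "modified"
        elif not os.path.isfile(full):
            results[rel_path] = "missing"
        elif sha1_of(full) != expected:
            results[rel_path] = "modified"
        else:
            results[rel_path] = "ok"
    return results


def build_demo_root():
    """Constructed sample: lay down a small image root, record its manifest
    (this text stands in for what the boot media carries), then simulate an
    intruder trojaning one binary and removing a library.  Returns the
    verification results for the tampered root."""
    root = tempfile.mkdtemp(prefix="suspect_be_")
    good = {
        "usr/bin/ls": b"#!/bin/sh\necho original ls\n",
        "etc/motd": b"welcome\n",
        "usr/lib/libc.so.1": b"\x7fELF-not-really\n",
    }
    lines = []
    for rel, data in good.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
        lines.append("file %s path=%s mode=0555 owner=root group=bin"
                     % (hashlib.sha1(data).hexdigest(), rel))
    manifest = "\n".join(lines) + "\n"

    # Simulated compromise of the image: trojaned binary, removed library.
    with open(os.path.join(root, "usr/bin/ls"), "wb") as f:
        f.write(b"#!/bin/sh\necho trojaned ls\n")
    os.remove(os.path.join(root, "usr/lib/libc.so.1"))

    return verify_root(root, manifest)


if __name__ == "__main__":
    for path, state in sorted(build_demo_root().items()):
        print("%-20s %s" % (path, state))
```

The check is only as good as where `manifest_text` and this interpreter come from: if either is read off the same pool the intruder could write to, the comparison proves nothing, which is exactly the objection to verifying from an alternate BE. A full `pkg verify` also compares mode, owner and group and covers link and directory actions; those are left out here to keep the payload check visible.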
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss