home *** CD-ROM | disk | FTP | other *** search
- Xref: sparky comp.security.misc:1655 alt.security:4759 comp.unix.admin:6065
- Path: sparky!uunet!portal!lll-winken!snow.geology.wisc.edu!saimiri.primate.wisc.edu!zaphod.mps.ohio-state.edu!cs.utexas.edu!wotan.compaq.com!moxie!texsun!cronkite.Central.Sun.COM!news2me.EBay.Sun.COM!exodus.Eng.Sun.COM!appserv.Eng.Sun.COM!appserv!limes
- From: limes@ouroborous.eng.sun.com (Greg Limes)
- Newsgroups: comp.security.misc,alt.security,comp.unix.admin
- Subject: Re: Tripwire release
- Message-ID: <LIMES.92Nov5142000@ouroborous.eng.sun.com>
- Date: 5 Nov 92 20:20:00 GMT
- References: <1992Nov4.203802.10885@cs.sandia.gov> <Bx8757.HoF@acsu.buffalo.edu>
- Organization: Sun Microsystems Computer Corporation
- Lines: 19
- NNTP-Posting-Host: ouroborous
- In-reply-to: owens@acsu.buffalo.edu's message of 5 Nov 92 04:29:30 GMT
-
- In article <Bx8757.HoF@acsu.buffalo.edu> owens@acsu.buffalo.edu (Bill Owens) writes:
- | Without adding the overhead of a digital signature for each file which
- | tripwire is keeping track of, could the program perhaps be set up to
- | check a cryptographic signature on the entire database? If the key
- | used to make the signature were kept secure, presumably by encrypting
- | it, then I think this setup would be equally secure.
-
- I think this is insufficient.
-
- Let's say you protected a key program with such a signature, and used
- a shell that would check such signatures before executing the program.
-
- I'm a baddie, with sufficient (but maybe temporary) privileges on your
- system that I can change the bits in the program (or maybe I'm a
- virus). I change what I want to change, subverting the program. Then I
- find some other bits that I don't care about, and twiddle them until
- the signature is right. If I can make that backward calculation either
- directly or by trial-and-error in a reasonable time, then your
- signature protection system is no protection.
-
