Re: Kernel relinking status from Theo de Raadt (mod 0/8)
by Anonymous Coward (22.214.171.124) on Mon Jul 3 04:04:44 2017 (GMT)
> > If your kernel is trojaned, how can you run userland code upon it to check if it is trojaned?
> > If you are holed, you are holed. Don't get holed.
> I agree, but the checks can be done offline via a trusted OS booted from read-only media (CD-ROM, write-protected USB or floppy), or it can be done by the boot loader if it can be trusted.
And you do that with a CD-ROM every time?
As to the second point, our bootloader doesn't do that.
You can disable this security subsystem if you prefer your kernel to have the same address space every time it runs. Go for it. You can disable this security mechanism, and keep checking with your CD-ROM procedure. No one is stopping you from using your CD-ROM.