OpenBSD Journal

Re: Kernel relinking status from Theo de Raadt (mod 3/3)
by Anonymous Coward on Thu Jul 6 10:36:07 2017 (GMT)
> > > If your kernel is trojaned, how can you run userland code upon it to check if it is trojaned?
> > >
> > > If you are holed, you are holed. Don't get holed.
> >
> > I agree, but the checks can be done offline via a trusted OS booted from read-only media (CD-ROM, write-protected USB or floppy), or it can be done by the boot loader if it can be trusted.
> It would be neat if another stage was added to the boot loader so it could verify signatures of the kernel object files and then do the re-linking before the new kernel boots. Best of both worlds.

Verify against what? A hacked list of signatures?

Remember, before booting, there is no OS to help you access remote websites (or even other local storage), so the only source of data is the same place you got the object files.