|Main Archive Page > Month Archives > full-disclosure-uk archives|
On Sun, 2007-05-13 at 23:07 -0700, Andrew Farmer wrote:
> This script really doesn't prove anything, though. All it shows is
> that a compromised machine can be difficult to impossible to clean
> properly - which has been known for a *long* time. Ken Thompson
> discussed a much cleverer one in "Trusting Trust". It's also worth
> noting that this is in no way specific to UNIX systems. It's simply
> an unalterable fact that, once an attacker has had full access to the
> machine, it's possible for them to make changes which will allow them
> reentry at a later date.
I don't have (and I doubt anybody around here can) the proof to make this a theorem, but it is a good postulate:
In olden days, this created the fundamental rules for systems like Tripwire: place the signatures on non-alterable storage, run tripwire in single user mode (ahh, the naive assumption that single user mode would be safe enough).
Today, the preferred method of checking the integrity of a system involves virtualisation of said system, and verification from the hosting component of the hosted one. Or the hammer approach of erasing the state of the system after use, and rolling it back to a "proven" safe and stable one. -- Vincent ARCHER firstname.lastname@example.org Tel : +33 (0)1 40 07 47 14 Fax : +33 (0)1 40 07 47 27 Deny All - 23, rue Notre Dame des Victoires - 75002 Paris - France _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/