Date:      15 Sep 2000 13:48:02 -0400
From:      Lowell Gilbert <lowell@be-well.ilk.org>
To:        freebsd-chat@freebsd.org
Subject:   Re: Tripwire vs. Mtree
Message-ID:  <44og1p5yy5.fsf@lowellg.ne.mediaone.net>
In-Reply-To: jcwells@nwlink.com's message of "13 Sep 2000 09:40:29 +0800"
References:  <8pmlud$16jf$1@FreeBSD.csie.NCTU.edu.tw>

jcwells@nwlink.com ("Jason C. Wells") writes:

> It looks to me like mtree can do anything tripwire can do.  Am I missing
> something? Why use tripwire when we can use mtree?

Remember, there's a chicken-and-egg problem:  if your system is
compromised, you can't trust its mtree executable to detect the fact.
Even if you have a "safe" copy of the executable, you can't trust the
system's standard libraries, because those may have been compromised too.

If you had a statically linked version of mtree on the floppy where you
keep the checksums, mtree would be roughly as good as tripwire, although
not as convenient, and certainly the tripwire option to build a standalone
floppy would take a bit of work to emulate.

 - Lowell
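
Added example, not part of the original message: a check that the copy of the integrity tool kept on the removable media really is statically linked, so it loads nothing from the host's libraries. It assumes the tool is an ELF binary; the function names and the sample images are constructed for illustration.

```python
import struct
import sys

PT_DYNAMIC, PT_INTERP = 2, 3  # ELF program header types

def program_header_types(image: bytes) -> list:
    """Return p_type of every program header in an ELF image."""
    if len(image) < 52 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = {1: False, 2: True}.get(image[4])      # EI_CLASS
    end = {1: "<", 2: ">"}.get(image[5])          # EI_DATA
    if is64 is None or end is None:
        raise ValueError("unknown ELF class or byte order")
    try:
        if is64:
            (phoff,) = struct.unpack_from(end + "Q", image, 0x20)
            phentsize, phnum = struct.unpack_from(end + "HH", image, 0x36)
        else:
            (phoff,) = struct.unpack_from(end + "I", image, 0x1C)
            phentsize, phnum = struct.unpack_from(end + "HH", image, 0x2A)
        return [struct.unpack_from(end + "I", image, phoff + i * phentsize)[0]
                for i in range(phnum)]
    except struct.error as exc:
        raise ValueError("truncated ELF image") from exc

def is_static(image: bytes) -> bool:
    """True only if the image asks for no interpreter and has no dynamic section.

    Conservative: a static-PIE binary carries PT_DYNAMIC and is reported as
    not static.
    """
    types = program_header_types(image)
    return PT_INTERP not in types and PT_DYNAMIC not in types

def make_elf64(p_types):
    """Constructed sample: little-endian ELF64 header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                         64, 56, len(p_types), 0, 0, 0)
    return ident + header + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    # Usage: python3 check_static.py /path/to/tool   (file name is hypothetical)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("static" if is_static(fh.read()) else "NOT static")
    else:
        print(is_static(make_elf64([1, 1])), is_static(make_elf64([6, 3, 1, 2, 1])))
```

Run it from a machine you trust when preparing the media, not on the host being checked.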

