From owner-freebsd-chat Fri Sep 15 13:33:14 2000
Delivered-To: freebsd-chat@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 32EC237B424; Fri, 15 Sep 2000 13:33:13 -0700 (PDT)
Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id NAA59611; Fri, 15 Sep 2000 13:33:13 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Date: Fri, 15 Sep 2000 13:33:13 -0700
From: Kris Kennaway
To: "Jason C. Wells"
Cc: Lowell Gilbert, freebsd-chat@FreeBSD.ORG
Subject: Re: Tripwire vs. Mtree
Message-ID: <20000915133313.A58409@freefall.freebsd.org>
References: <44og1p5yy5.fsf@lowellg.ne.mediaone.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from jcwells@nwlink.com on Fri, Sep 15, 2000 at 11:08:21AM -0700
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Sep 15, 2000 at 11:08:21AM -0700, Jason C. Wells wrote:
> On 15 Sep 2000, Lowell Gilbert wrote:
>
> > Remember, there's a chicken-and-egg problem: if your system is
> > compromised, you can't trust its mtree executable to detect the fact.
> > Even if you have a "safe" copy of the executable, you can't trust the
> > system's standard libraries, because those may have been compromised too.
> >
> > If you had a statically linked version of mtree on the floppy where you
> > keep the checksums, mtree would be roughly as good as tripwire, although
> > not as convenient, and certainly the tripwire option to build a standalone
> > floppy would take a bit of work to emulate.
>
> Having never directly used either but knowing what they do, I now see that
> there are "implementation" issues that have to be considered.
>
> Thank you for the input. I would have neglected to consider the
> trustworthiness of the system libraries.

Well, that's not a fundamental problem - you can trivially link mtree statically.

Basically, I think mtree can do everything tripwire can, but it's a raw tool, not a ready-to-use product, and you will have to do a bit of scripting to use it like that.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe
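The "bit of scripting" Kris refers to, as an added example that is not part of the original thread: two shell functions that wrap mtree(8) so it behaves like a tripwire-style baseline-and-verify tool. It assumes a BSD mtree that accepts -c, -k, -p and -f and the sha256digest keyword (newer mtree releases; older ones offer md5digest/sha1digest instead), and it reads the binary to trust from an MTREE variable so that, as Lowell suggests, it can point at a statically linked copy kept on read-only media rather than the possibly compromised system copy. The function names, the keyword list and the MTREE variable are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original thread or FreeBSD): tripwire-style
# baseline and verification on top of mtree(8).
#
# Assumptions: a BSD mtree supporting -c, -k, -p, -f and sha256digest.
# MTREE names the mtree binary to trust. For a real deployment, set it to a
# statically linked copy on read-only media, e.g.
#   MTREE=/mnt/floppy/mtree mtree_verify / /mnt/floppy/root.spec
MTREE="${MTREE:-mtree}"

# Keywords recorded per entry. -k replaces mtree's default set (which includes
# time and nlink) with type plus these, so only content and ownership changes
# are reported. uid/gid/mode catch permission tampering, sha256digest catches
# content changes even when size is preserved.
KEYWORDS="mode,uid,gid,size,sha256digest"

# mtree_snapshot DIR SPEC
#   Write a specification describing the hierarchy under DIR into SPEC.
#   SPEC should then be stored where the running system cannot modify it.
mtree_snapshot() {
    "$MTREE" -c -k "$KEYWORDS" -p "$1" > "$2"
}

# mtree_verify DIR SPEC
#   Compare DIR against SPEC. mtree prints each mismatch ("changed", "extra",
#   "missing") and exits 2 when the hierarchy differs; 0 means the tree
#   matches the baseline. This function returns 0 only on a clean match.
mtree_verify() {
    "$MTREE" -p "$1" -f "$2"
    [ $? -eq 0 ]
}
```

Usage: take the baseline from a known-good install (for example right after installation, before the host is exposed to a network), copy the spec and a static mtree to removable media, and run mtree_verify from that media on a schedule; any non-zero return together with the printed mismatch lines is the signal to investigate.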