From owner-freebsd-security  Mon Oct 15 14:15:52 2001
Delivered-To: freebsd-security@freebsd.org
Received: from pa169.kurdwanowa.sdi.tpnet.pl (pa169.kurdwanowa.sdi.tpnet.pl [213.77.148.169])
	by hub.freebsd.org (Postfix) with ESMTP id 3FB7637B405
	for <security@FreeBSD.ORG>; Mon, 15 Oct 2001 14:15:49 -0700 (PDT)
Received: by pa169.kurdwanowa.sdi.tpnet.pl (Postfix, from userid 1001)
	id 19B531DA7; Mon, 15 Oct 2001 23:15:48 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by pa169.kurdwanowa.sdi.tpnet.pl (Postfix) with ESMTP
	id A4BA2559C; Mon, 15 Oct 2001 23:15:48 +0200 (CEST)
Date: Mon, 15 Oct 2001 23:15:48 +0200 (CEST)
From: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
X-Sender: kzaraska@lhotse.zaraska.dhs.org
To: "Andrew R. Reiter" <arr@watson.org>
Cc: security@FreeBSD.ORG
Subject: Re: Recent major changes in the NetBSD audit system
In-Reply-To: <Pine.NEB.3.96L.1011015101433.95862A-100000@fledge.watson.org>
Message-ID: <Pine.BSF.4.21.0110152313090.528-100000@lhotse.zaraska.dhs.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Mon, 15 Oct 2001, Andrew R. Reiter wrote:

> I see the importance of what they are doing, but I also feel that they are
> going the tripwire route -- which is flawed since it relies on trusting
> hte kernel for valid information.  
Could you explain this a little more in detail? If tripwire-like solutions
are flawed, how should it work then? 

Thanks in advance,

Krzysztof


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message