Date: Thu, 20 Jun 2002 01:17:04 -0400
From: Klaus Steden <klaus@compt.com>
To: Maxlor <mail@maxlor.com>
Cc: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: Re: preventing tampering with tripwire
Message-ID: <20020620011704.G589@cthulu.compt.com>
In-Reply-To: <2799555.1024487443@[10.0.0.16]>; from mail@maxlor.com on Wed, Jun 19, 2002 at 11:50:43AM +0200
References: <27700541.1024450071@[10.0.0.16]> <2799555.1024487443@[10.0.0.16]>

>
> Putting the tripwire binary on an external, read only drive doesn't help.
> As I mentioned, an attacker who gained root could simply unmount the disk
> and place a tampered copy into the mountpoint dir. I would only notice this
> if I happened to have a closer look at df *and* the attacker was nice
> enough not to modify df too.
>
True, but that doesn't make it useless - nor was it suggested as a whole
solution - only part of a number of steps.

It does offer you a set of tools that are guaranteed reliable, though, which
is a godsend at times like that.

Klaus