From owner-freebsd-hackers Thu Aug 21 23:51:53 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id XAA20803 for hackers-outgoing; Thu, 21 Aug 1997 23:51:53 -0700 (PDT) Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id XAA20786 for ; Thu, 21 Aug 1997 23:51:44 -0700 (PDT) Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id IAA28091 for hackers@FreeBSD.ORG; Fri, 22 Aug 1997 08:51:42 +0200 Received: (from j@localhost) by uriah.heep.sax.de (8.8.7/8.8.5) id IAA04886; Fri, 22 Aug 1997 08:26:20 +0200 (MET DST) Message-ID: <19970822082620.XM01678@uriah.heep.sax.de> Date: Fri, 22 Aug 1997 08:26:20 +0200 From: j@uriah.heep.sax.de (J Wunsch) To: hackers@FreeBSD.ORG Subject: Re: How hard would it be for the boot blocks to validate References: X-Mailer: Mutt 0.60_p2-3,5,8-9 Mime-Version: 1.0 X-Phone: +49-351-2012 669 X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) In-Reply-To: ; from Jaye Mathisen on Aug 21, 1997 12:19:05 -0700 Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk As Jaye Mathisen wrote: > the integrity of the kernel binary itself? Right now? Impossible. If we've got 8 spare bytes in the bootblocks, it's probably already plenty. Also, how are you going to check any integrity of /kernel? Would you put the entire MD5 into the bootblocks? Well, when going to a 3-stage bootstrap, space is no longer a big problem, but the number of vulnerable files will be extended (from just /kernel to /boot + /kernel), so no help for your problem at all. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)