Date:      Fri, 15 Sep 2000 13:33:13 -0700
From:      Kris Kennaway <kris@FreeBSD.org>
To:        "Jason C. Wells" <jcwells@nwlink.com>
Cc:        Lowell Gilbert <lowell@lowellg.ne.mediaone.net>, freebsd-chat@FreeBSD.ORG
Subject:   Re: Tripwire vs. Mtree
Message-ID:  <20000915133313.A58409@freefall.freebsd.org>
In-Reply-To: <Pine.SOL.3.96.1000915110608.12381A-100000@utah>; from jcwells@nwlink.com on Fri, Sep 15, 2000 at 11:08:21AM -0700
References:  <44og1p5yy5.fsf@lowellg.ne.mediaone.net> <Pine.SOL.3.96.1000915110608.12381A-100000@utah>

On Fri, Sep 15, 2000 at 11:08:21AM -0700, Jason C. Wells wrote:
> On 15 Sep 2000, Lowell Gilbert wrote:
> 
> > Remember, there's a chicken-and-egg problem:  if your system is
> > compromised, you can't trust its mtree executable to detect the fact.
> > Even if you have a "safe" copy of the executable, you can't trust the
> > system's standard libraries, because those may have been compromised too.
> > 
> > If you had a statically linked version of mtree on the floppy where you
> > keep the checksums, mtree would be roughly as good as tripwire, although
> > not as convenient, and certainly the tripwire option to build a standalone
> > floppy would take a bit of work to emulate.
> 
> Having never directly used either but knowing what they do, I now see that
> there are "implementation" issues that have to be considered.
> 
> Thank you for the input.  I would have neglected to consider the
> trustworthiness of the system libraries.

Well, that's not a fundamental problem - you can trivially link mtree statically.
Basically, I think mtree can do everything tripwire can, but it's a raw tool,
not a ready-to-use product and you will have to do a bit of scripting to use it
like that.

Kris
--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>
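
The "bit of scripting" discussed in this thread, as an added example that is not part of the original message: a small sh wrapper that records mtree specs for chosen trees and later verifies them. The paths /mnt/floppy/mtree and /mnt/floppy/specs, the function names, and the keyword list are assumptions; sha256digest is a keyword in current mtree releases.

```shell
#!/bin/sh
# Added example: baseline-and-verify wrapper around mtree(8).
# Assumed layout (hypothetical): a statically linked mtree binary and the
# spec files sit together on removable media that is normally write-protected.
MTREE="${MTREE:-/mnt/floppy/mtree}"      # hypothetical path to the trusted binary
SPECDIR="${SPECDIR:-/mnt/floppy/specs}"  # hypothetical directory holding the specs
# Attributes recorded and compared for every file. "time" is left out on
# purpose so ordinary mtime changes do not flood the report.
KEYWORDS="type,uid,gid,mode,size,link,sha256digest"

# Map a directory path to a flat spec file name: /usr/bin -> _usr_bin.mtree
spec_for() {
    printf '%s/%s.mtree\n' "$SPECDIR" "$(printf '%s' "$1" | tr '/' '_')"
}

# Record the current state of a tree. Run on a known-good system while the
# media is writable, then write-protect it again.
baseline() {
    "$MTREE" -c -k "$KEYWORDS" -p "$1" > "$(spec_for "$1")"
}

# Compare a tree with its recorded spec. mtree prints each changed, missing
# or extra file and exits non-zero when the tree does not match.
verify() {
    spec=$(spec_for "$1")
    [ -r "$spec" ] || { echo "no baseline for $1" >&2; return 3; }
    "$MTREE" -f "$spec" -p "$1"
}

# Verify several trees; return non-zero if any one of them differs.
verify_all() {
    rc=0
    for dir in "$@"; do
        verify "$dir" || { echo "MISMATCH: $dir" >&2; rc=1; }
    done
    return $rc
}
```

Typical use is `baseline /bin` and `baseline /usr/lib` once, then `verify_all /bin /usr/lib` from cron or by hand, with the media mounted read-only.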

