Re: FreeBSD VM gremlin

From: Harhalakis Stefanos (v13at_private)
Date: Sat Sep 19 1998 - 07:50:12 PDT

Next message: Niall Smart: "Re: Tcpwrapper 7.6 - feature -"

Previous message: Steven M. Bellovin: "Re: Incorrect Linux ARP behavior"
Maybe in reply to: Charles M. Hannum: "FreeBSD VM gremlin"
Next in thread: James McParlane: "Re: FreeBSD VM gremlin"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 18 Sep 1998, Warner Losh wrote:

> In message <199809181149.HAA21721at_private> "Charles
> M. Hannum" writes:
> :
> : > You should have md5 checksums of files that you are concerned about,
> : > as timestamps are useless in the face of a good attacker.
> :
> : Rubbish!  A checksum doesn't tell me that someone hadn't temporarily
> : replaced the file and has now put the original back.
>
> Ummm, you still can't tell that for a competant attacker.  A good
> attacker can set the system time, frob the file, set it back let time
> pass and then do the same thing to get the original back.  You'd never
> know.

 Irix has a nice 'feature' named fam (at least irix 6.4).
fam==file alteration monitor and it will detect any file change
and even more. I don't know how this works, but it works. I don't
know if there is something similar to other OSs.

> Warner
<<V13>>

Next message: Niall Smart: "Re: Tcpwrapper 7.6 - feature -"
Previous message: Steven M. Bellovin: "Re: Incorrect Linux ARP behavior"
Maybe in reply to: Charles M. Hannum: "FreeBSD VM gremlin"
Next in thread: James McParlane: "Re: FreeBSD VM gremlin"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:17:01 PDT