Date: Fri, 22 Aug 1997 08:26:20 +0200 From: j@uriah.heep.sax.de (J Wunsch) To: hackers@FreeBSD.ORG Subject: Re: How hard would it be for the boot blocks to validate Message-ID: <19970822082620.XM01678@uriah.heep.sax.de> In-Reply-To: <Pine.NEB.3.95.970821121842.18322i-100000@mail.cdsnet.net>; from Jaye Mathisen on Aug 21, 1997 12:19:05 -0700 References: <Pine.NEB.3.95.970821121842.18322i-100000@mail.cdsnet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
As Jaye Mathisen wrote: > the integrity of the kernel binary itself? Right now? Impossible. If we've got 8 spare bytes in the bootblocks, it's probably already plenty. Also, how are you going to check any integrity of /kernel? Would you put the entire MD5 into the bootblocks? Well, when going to a 3-stage bootstrap, space is no longer a big problem, but the number of vulnerable files will be extended (from just /kernel to /boot + /kernel), so no help for your problem at all. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970822082620.XM01678>