Guaranteeing running code is signed
Krzysztof Halasa
khc at pm.waw.pl
Sun May 10 13:31:58 UTC 2009
Björn Persson <bjorn at rombobjörn.se> writes:
> It's impossible to verify the security of a computer system from within the
> system itself. If a malicious person may have had root access, then RPM, GPG,
> SElinux and the auditing subsystem may all have been tampered with and you
> can't trust that they tell you the truth. Reinstalling is the only way to be
> sure.
Sure? Someone may have planted something in a motherboard flash ROM
(easy), in VGA flash, in CD/DVD flash, in HDD flash and/or "service"
sectors etc.
You can't be 100% sure that a brand-new hardware is clean.
--
Krzysztof Halasa
More information about the fedora-devel-list
mailing list