Basil Mohamed Gohar wrote:
On 05/10/2009 09:31 PM, Krzysztof Halasa wrote:
Björn Persson writes:
It's impossible to verify the security of a computer system from within the
system itself. If a malicious person may have had root access, then RPM, GPG,
SElinux and the auditing subsystem may all have been tampered with and you
can't trust that they tell you the truth. Reinstalling is the only way to be
sure.
Sure? Someone may have planted something in a motherboard flash ROM
(easy), in VGA flash, in CD/DVD flash, in HDD flash and/or "service"
sectors etc.
You can't be 100% sure that a brand-new hardware is clean.
Shift this register/logic enough in one direction, and it's going to
overflow into "just trust everything"...
Indeed. (I've read stuff about military testing microchips to verify
that the circuitry is correct. Forget flash, eeprom, even rom; do you
trust the fab plant that built your CPU?)
--
Matthew
ENOWIT: .sig file for this machine not set up yet
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
