Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: FreeBSD VM gremlinHarhalakis Stefanos (v13AETOS.IT.TEITHE.GR)
Sat, 19 Sep 1998 15:49:12 +0059
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Alan Cox: "Re: Incorrect Linux ARP behavior"
- Previous message: der Mouse: "Re: FreeBSD VM gremlin"
- In reply to: Warner Losh: "Re: FreeBSD VM gremlin"
- Next in thread: der Mouse: "Re: FreeBSD VM gremlin"
On Fri, 18 Sep 1998, Warner Losh wrote: > In message <199809181149.HAA21721lunacity.ne.mediaone.net> "Charles > M. Hannum" writes: > : > : > You should have md5 checksums of files that you are concerned about, > : > as timestamps are useless in the face of a good attacker. > : > : Rubbish! A checksum doesn't tell me that someone hadn't temporarily > : replaced the file and has now put the original back. > > Ummm, you still can't tell that for a competant attacker. A good > attacker can set the system time, frob the file, set it back let time > pass and then do the same thing to get the original back. You'd never > know. Irix has a nice 'feature' named fam (at least irix 6.4). fam==file alteration monitor and it will detect any file change and even more. I don't know how this works, but it works. I don't know if there is something similar to other OSs. > Warner <<V13>>