Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: FreeBSD VM gremlin

Re: FreeBSD VM gremlin

Harhalakis Stefanos (v13AETOS.IT.TEITHE.GR)
Sat, 19 Sep 1998 15:49:12 +0059

On Fri, 18 Sep 1998, Warner Losh wrote:

> In message <199809181149.HAA21721lunacity.ne.mediaone.net> "Charles
> M. Hannum" writes:
> :
> : > You should have md5 checksums of files that you are concerned about,
> : > as timestamps are useless in the face of a good attacker.
> :
> : Rubbish!  A checksum doesn't tell me that someone hadn't temporarily
> : replaced the file and has now put the original back.
>
> Ummm, you still can't tell that for a competent attacker.  A good
> attacker can set the system time, frob the file, set it back, let time
> pass and then do the same thing to get the original back.  You'd never
> know.

Irix has a nice 'feature' named fam (at least Irix 6.4).
fam == file alteration monitor, and it will detect any file change
and even more. I don't know how this works, but it works. I don't
know if there is something similar on other OSs.

> Warner
<<V13>>