D. J. Bernstein writes:
> Russell Nelson writes:
> > binaries vary from machine to machine, and
> > cannot be compared against a known-good copy.
>
> The same is true of all sorts of configuration files, so of course the
> system can deal with it.

I'm sorry, I must be dumber than you. I don't follow the "of course"
handwaving.

> > Restore the system to a usable state through removal of tainted binaries.
>
> If your machine has been compromised, you must reinstall. If you merely
> verify the constant files, you are missing hundreds of security-critical
> system-dependent files. Your suggestion, manual inspection, is absurd.

Manual inspection of binaries is absurd, I agree with you. Manual
inspection of system-dependent files is not absurd. Doing a ``diff''
against configuration files of known quality is quite reasonable. I
know; I have done it. Do not tell me that something I have done is
absurd. My experience tells me that you are wrong. You will not be
able to persuade me that something that I have done is not possible.
The cost of regenerating a system from scratch is impossibly high.
Your suggestion, reinstallation, is absurd.

> > That means that qmail must carry its own binary editor around with it.
>
> Simple matter of programming, already done in qmail 1.03. No problem.

How do I know this code is secure? How do I know that it has modified
the right thing? You are dismissing my objections, not addressing
them. I am not being persuaded, I am being told that my concerns are
unimportant.
It is easier to fail than to change. You refuse to change; you
continue to fail. If you continue to dismiss my concerns rather than
address them, you will continue to fail to persuade me. I can
*guarantee* it.

> > If modification is not possible,
>
> Red herring. Modification is possible.

Modification is not possible for Red Hat, since they cryptographically
sign the executables on their CD. Are you saying that cryptography is
a bad thing?

--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.