On 9/7/2017 2:32 PM, Jens Alfke wrote:
On Sep 7, 2017, at 10:24 AM, Igor Tandetnik <i...@tandetnik.org> wrote:
"Device will refuse to install" is precisely an instance of "security built in at
the OS level".
Yes, but that's beside the point; it wasn't the relevant part of the example.
Any software, privileged or not, can verify the signature and detect whether
the binary has been modified. That's what the OP wants.
It might be difficult to keep the private key secret. A technician that has
direct access to SQLite database file probably also has access to the binary
used to manipulate it; and that binary would need the private key lying around
Basically, if you can't trust your own admin personnel, you'd need a kind of
military-grade security a la NSA post-Snowden, e.g. requiring two separate
people to authenticate before access is granted. That gets pretty expensive
sqlite-users mailing list