LFS using the cryptoapi hint...

Bryan Breen Bryan.C.Breen.1 at gsfc.nasa.gov
Tue Jul 8 19:33:27 PDT 2003


At 17:15 7/8/03 -0500, Dagmar d'Surreal wrote:
>On Tue, 2003-07-08 at 04:42, Zibeli Aton wrote:
>
>> I'm quite sure the signature-checking script is indeed
>> supposed to be the encrypted partition, not in the
>> bootloader.  While the bootloader will indeed have
>> already been loaded before the script then detects a
>> compromise of it, at least at that point you can
>> minimize the damage by aborting the init before
>> networks are brought up, etc.  If the script is
>> instead left in the unencrypted bootloader partition,
>> all an attacker would have to do after modifying the
>> bootloader (or boot sector) is to adjust the MD5 sum
>> contained in the unencrypted script to match that of
>> the compromised loader/sector and the script would not
>> even detect the compromise, by far an even worse
>> option.
>
>Yes, well, I'm equally sure that it can _not_ be executed from the
>filesystem on /dev/hda1 unless you'd like to spend a LOT of time fudging
>up an md5sum that will still be valid after you stick it into its own
>hash.  I'm hoping the author of the hint didn't actually make the
>mistake of suggesting this very thing and that the readers are merely
>confused.  If they're not confused then there's a count argument missing
>from the second chunk of script.

Zibeli is correct, the signature checking script is to be in the encrypted
partition. The confusion seems to be that the encrypted partition is *not*
hda1, but is hda2.

Check my earlier response to this to hopefully clarify the issue a bit.


-- 

- Bryan

+==========================+
| Any opinion expressed in |
| this message is my own   |
| and not those of NASA.   |
+==========================+

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe blfs-support' in the subject header of the message
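As an added illustration of the two points argued above (the checker and its sums must live on the encrypted side, and a script cannot carry a valid sum of itself), here is a small boot-integrity check in POSIX shell. It is example code written for this thread, not the hint's own script; the sandbox paths, the fake 512-byte boot sector and the tiny /boot tree are constructed stand-ins for /dev/hda1 and the real MBR.

```shell
#!/bin/sh
# Added example (not from the hint or this thread): a boot-partition integrity
# check of the kind under discussion, meant to run from the encrypted root early
# in init, before networking comes up.  Every path is a constructed sandbox under
# a temp directory standing in for /dev/hda1 and the boot sector.
set -u

# Record MD5 sums of the boot sector image and every file in the boot tree.
# The manifest goes to a path on the encrypted side: if it sat on the boot
# partition an attacker could simply regenerate it after tampering.
make_manifest() {
    bootdir=$1 mbr=$2 manifest=$3
    {
        md5sum "$mbr"
        find "$bootdir" -type f -print | LC_ALL=C sort | while IFS= read -r f; do
            md5sum "$f"
        done
    } > "$manifest"
}

# Verify the manifest.  Returns 0 if every entry still matches, 1 on any
# mismatch or missing file (md5sum -c fails on both).
check_boot() {
    md5sum -c "$1" >/dev/null 2>&1
}

# What init does with the result: continue only if the check passed.  Prints
# the next stage so the decision is visible; a real rc script would exec the
# rest of init or drop to a halt/single-user prompt instead.
boot_stage() {
    if check_boot "$1"; then
        echo "bring-up-network"
    else
        echo "halt-before-network"
    fi
}

# Why the checker cannot carry its own sum on the partition it checks: writing
# the sum into the script changes the script, so the sum it carries is never
# the sum of the file that carries it.  Returns 0 only if a fixed point exists.
self_hash_consistent() {
    f=$1
    printf '#!/bin/sh\nEXPECTED=%s\nmd5sum "$0" | grep -q "$EXPECTED"\n' PLACEHOLDER > "$f"
    h=$(md5sum "$f" | cut -d' ' -f1)
    printf '#!/bin/sh\nEXPECTED=%s\nmd5sum "$0" | grep -q "$EXPECTED"\n' "$h" > "$f"
    h2=$(md5sum "$f" | cut -d' ' -f1)     # sum of the file now embedding $h
    [ "$h" = "$h2" ]
}

# Build the sandbox: a zeroed 512-byte "boot sector" and a minimal /boot tree.
setup_sandbox() {
    sb=$(mktemp -d)
    dd if=/dev/zero of="$sb/mbr.img" bs=512 count=1 2>/dev/null
    mkdir -p "$sb/boot/grub"
    printf 'kernel /vmlinuz root=/dev/hda2\n' > "$sb/boot/grub/menu.lst"
    printf 'fake-kernel-image\n' > "$sb/boot/vmlinuz"
    echo "$sb"
}

# Simulate an attacker overwriting the first bytes of the boot sector.
tamper_boot_sector() {
    printf 'EVIL' | dd of="$1/mbr.img" bs=1 seek=0 conv=notrunc 2>/dev/null
}

# Run as "sh this.sh demo" to watch the check pass, then fail after tampering.
if [ "${1:-}" = demo ]; then
    sb=$(setup_sandbox)
    make_manifest "$sb/boot" "$sb/mbr.img" "$sb/manifest.md5"
    boot_stage "$sb/manifest.md5"
    tamper_boot_sector "$sb"
    boot_stage "$sb/manifest.md5"
    rm -rf "$sb"
fi
```

The manifest uses MD5 only because that is what the hint and the thread are talking about; a checker written today should prefer sha256sum, and the same structure applies unchanged.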