Re: signing a filesystem

Daniel A. Taylor
Thu, 2 Jan 1997 09:36:38 -0600 (CST)


On Wed, 1 Jan 1997, Andrew G. Morgan wrote:

> Stephen C. Tweedie wrote:
> > On Tue, 31 Dec 1996 06:53:53 -0800 (PST), "Andrew G. Morgan"
> > <> said:
> >
> > > My primary purpose was to address the following question: when you reboot
> > > your system, how can you be sure that its filesystem is in the state it was
> > > when you last shutdown? ie. How can you be sure that someone hasn't booted
> > > DOS and used some disk editing software to modify the data on the disk?
> >
> > The only real way is to encrypt your data. Authentication is not
> > really adequate, since it leaves the original data open and vulnerable
> > to attack --- and therefore leaves your authentication software open
> > to attack. The only way around this is to try to make some kind of
[small snip]
> Yes, this has already been agreed. I agree, booting off a floppy or a CD (in
> the physical care of the sysadmin) is the right way to set the ball rolling.
> There are many ways to modify the hardware of a system to defeat even this
> approach, but as usual the "cost" of such attacks is all that one can
> hope to maximize.
> > Encryption works better, because if your attacker cannot read the
> But addresses a different concern. It would also be (legally) difficult to
> freely distribute such stuff (and in some countries to use, France and
> perhaps Germany too soon...). A case where encryption would tend to defeat
> the value of the data stored on a medium is the case of a list of PGP public
> keys; such information becomes less than worthless if its content is
> restricted, but at the same time it is of prime importance to ensure that
> such data is "correct".

Encryption addresses the proper concern. An encrypted file
cannot be modified without decrypting it first. Any attempt
to modify it in its encrypted state is likely to render the
file useless rather than simply changing the data by making
it impossible to decrypt. Therefore, if you are running on
an encrypted file system, any attempt to modify the files or
filesystem meta-data from outside the avenues provided by
the OS will result in filesystem corruption. If file system
integrity *OR* security is important enough to care, it is
better to have to do a full filesystem restore if either is
suspect than risk the loss of either.


Daniel Taylor Digi International Tech Support

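The thread's original question (how to tell at boot that the filesystem is still in the state it was left in) is the "authentication" approach Stephen calls inadequate and Andrew wants bootstrapped from a floppy. The following is an added example, not code from anyone in the thread, showing what that approach amounts to in practice: a manifest of per-file content hashes plus file modes, authenticated with an HMAC under a key that is assumed to live on the removable boot medium rather than on the disk being checked. An HMAC stands in for a detached public-key signature here; the directory layout, file contents and key are all constructed for the demo. The returned results show the three cases a practitioner cares about: an untouched tree verifies clean, an offline edit of one file is reported by path, and a manifest regenerated without the key fails the authenticity check even though it matches the (modified) disk.

```python
"""Sign a directory tree and verify it later (added example, not from the thread)."""
import hashlib
import hmac
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each relative path to 'mode:sha256' in a deterministic order.
    Recording the mode covers the simplest metadata edit (e.g. a setuid bit)
    that a content hash alone would miss."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal
        for name in sorted(filenames):
            p = Path(dirpath) / name
            mode = oct(p.stat().st_mode & 0o7777)
            manifest[p.relative_to(root).as_posix()] = f"{mode}:{hash_file(p)}"
    return manifest


def serialize(manifest: dict) -> bytes:
    """Canonical encoding so the same tree always yields the same bytes."""
    return "".join(f"{p}\0{v}\n" for p, v in sorted(manifest.items())).encode()


def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical manifest; the key must not be on the disk."""
    return hmac.new(key, serialize(manifest), hashlib.sha256).hexdigest()


def verify_tree(root: Path, manifest: dict, tag: str, key: bytes):
    """Return (manifest_is_authentic, list_of_paths_that_differ_from_manifest)."""
    authentic = hmac.compare_digest(sign_manifest(manifest, key), tag)
    current = build_manifest(root)
    changed = sorted(
        set(manifest) ^ set(current)
        | {p for p in manifest if p in current and manifest[p] != current[p]}
    )
    return authentic, changed


def demo() -> dict:
    """Build a constructed tree, sign it, then check three scenarios."""
    key = b"constructed-demo-key-kept-on-boot-floppy"  # constructed for the demo
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"\x7fELF constructed stub\n")

        manifest = build_manifest(root)
        tag = sign_manifest(manifest, key)
        clean = verify_tree(root, manifest, tag, key)

        # Simulate an edit made from outside the OS (disk editor, other boot):
        p = root / "bin" / "login"
        p.write_bytes(p.read_bytes().replace(b"stub", b"STUB"))
        tampered = verify_tree(root, manifest, tag, key)

        # Simulate an attacker re-generating the manifest to match the edited
        # disk but without the key: the tree "matches", the tag does not.
        forged_manifest = build_manifest(root)
        forged = verify_tree(root, forged_manifest, tag, key)

        return {"clean": clean, "tampered": tampered, "forged": forged}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The check is only as trustworthy as the code and key that perform it, which is exactly the objection raised earlier in the thread: if the verifier or its key sit on the same writable disk, the attacker edits them too, so both belong on read-only media in the sysadmin's physical care. Note also that a content-and-mode manifest does not cover everything Daniel calls "filesystem meta-data" (free-block maps, inode tables), only what the walk sees.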