From 6c18394a04fdfc353a017c08d77ef4cef7370aeb Mon Sep 17 00:00:00 2001 From: Rob Date: Wed, 15 Jul 2009 13:58:53 +0200 Subject: [PATCH] Some corrections in the manual --- signduterre.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/signduterre.py b/signduterre.py index c1048e7..2818c52 100755 --- a/signduterre.py +++ b/signduterre.py @@ -39,8 +39,8 @@ Options: -r, --release-notes Print the release notes and exit -l, --license Print license text and exit -v, --verbose Print more information - -q, --quiet Print minimal information (hide filenames) -r + -q, --quiet Print minimal information (hide filenames as [i]) + FILE1 FILE2 ... Names and paths of one or more files to be checked. Any name starting with a '$', eg, $PATH, will be interpreted as an environmental variable or command according to the bash conventions: @@ -70,6 +70,10 @@ lstat(/) = [st_mode=041775, st_ino=2, st_dev=234881026, st_uid=0, st_gid=80, st_ Note that nlinks of a directory include every file in the directory, so this will check whether files have been added to a directory. +Arguments enclosed in []-brackets will be hidden in the output. That is, '[/proc/self/exe]' will show up as +'[1]' in the output (or '[n]' with n the number of the hidden argument). This means the hidden arguments +must be entered again when using the --check-file (-c) option. + Signature-du-Terroir A very simple security application to test for the integrity of files and "states" in a computer installation. @@ -89,7 +93,7 @@ on the fly. SECURITY WARNINGS: When run on a compromised system, signduterre.py can be subverted if the attacker keeps a copy of all the files and -reroutes the open() and lstat() functions, or simply delegating signduterre.py to a chroot jail with the original system. +reroutes the open() and stat() functions, or simply delegating signduterre.py to a chroot jail with the original system. In principle, signduterre.py only checks whether the computer responds identically to when the sinature file was made. There is no theoretic barrier against a compromised computer perfectly simulating the original system when tested, but behaving adversely at other times. Except for running from clean boot media (USB?), I know of no theoretical @@ -98,7 +102,7 @@ sound solution to this problem ;-) However, this scenario assumes the use of unlimited resources and time. Inside a limited, real computer system, the attacker must make compromises on what can and what cannot be simulated with the available time and hardware. The idea behind signduterre.py is to "ask difficult questions" that increase the cost of simulating the original system -high enough to make detection of successful attacks likely. But signduterre.py simply intended to raise the bar. +high enough to make detection of successful attacks likely.signduterre.py simply intends to raise the bar high enoug. One point is to store the times needed to create the original hashes. This timing can later be used to see whether the new timings are reasonable. If the same hardware takes considerably longer to perform the same calculations, or needs a much longer delay before it starts, the tester might want to see where this time is spent. -- 2.11.4.GIT