Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!bria!mike
From: mike@bria.AIX (Mike Stefanik/78125)
Newsgroups: comp.unix.admin
Subject: Re: Preventing date rollback
Message-ID: <306@bria.AIX>
Date: 3 Jan 91 19:08:39 GMT
References: <RICHARD.90Dec3143525@dataspan.dataspan.UUCP> <292@bria.AIX> <1976@necisa.ho.necisa.oz.au>
Distribution: comp
Organization: Briareus Corporation, Los Angeles, CA
Lines: 24

In article <1976@necisa.ho.necisa.oz.au>, boyd@necisa.ho.necisa.oz.au (Boyd Roberts) writes:
> In article <292@bria.AIX> mike@bria.AIX (Mike Stefanik/78125) writes:
> >
> > [ stuff about re-writting a string in an executable ]
> >
> >The above is preferable over using inode information such as access time,
> >because that can easily be fudged.
> >
> 
> And what stops me from re-writing the string in the executable?

Nothing, for the truly dedicated individual.  The whole point of security
(IMHO) is not to make it impossible, but to make it as *painful* as possible.
Anyone with enough intellect, interest, dedication, etc. can break any security
scheme.  However, encoding the date in the executable would make it more
painful for the would-be pirate than would using the touch command.

If your looking for a perfect security scheme, then don't let anyone use
your software but you.

-----------------------------------------------------------------------------
Michael Stefanik, Systems Engineer (JOAT), Briareus Corporation
UUCP: ...!uunet!bria!mike
"If it was hard to code, it should be harder to use!"