From: Daniel Carrera
Subject: Re: [Monotone-devel] db kill_rev_locally
Date: Sun, 12 Oct 2008 00:06:49 +0200
User-agent: Thunderbird 2.0.0.17 (Macintosh/20080914)
Ethan Blanton wrote:
Monotone *cannot* have anything but recovery. If the attacker has write access to your database on the filesystem (which is necessary for this attack), he/she can just fire up 'sqlite' and remove as many records as desired. It doesn't matter what monotone wrote or annotated, in that case. In general, yes, audit trails are great -- but make sure your prevention and detection match the threat model you're supposing.
See my last email. There are standard ways to avoid modification of the database file through anything but 'mtn'.
Daniel.