Thread replies: 11
Thread images: 1
Anonymous
Are we able to verify the enviroment?
2016-06-29 17:47:22 Post No. 55322147
[Report]
Image search:
[Google]
Are we able to verify the enviroment?
Anonymous
2016-06-29 17:47:22
Post No. 55322147
[Report]
From the point of view of an user executed program, how do you know that the system you are being executed in is legit? This question came to my mind when i read that fingerprint reader of android phones or the android pay system requires selinux in enforced or root not activated, or not having a custom recovery, in order to be sure that it is used in a secure enviroment... But how does the program know if that one selinux that says is in enforced is in fact a true legit selinux in enforced and not a fake selinux created to fool the program into thinking it is a safe enviroment?
I mean, and overall thinking, is there a way to check if all the (linux or not) system you are into is really the system it says it is?
From a superuser point of view you can always build from sources and check files but from an user executed program, what can you do?
Because you know, you can always overwrite the SELinux system into a modified one that does the exactly same job except for specific things (for example, in order to see private info you wouldnt be able to see)