[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y ] [Search | Free Show | Home]

Are we able to verify the enviroment?

This is a blue board which means that it's for everybody (Safe For Work content only). If you see any adult content, please report it.
  1. Home
  2. /g/ - Technology
  3. Are we able to verify the enviroment?
Thread replies: 11
Thread images: 1

Anonymous
Are we able to verify the enviroment? 2016-06-29 17:47:22 Post No. 55322147
[Report] Image search: [Google]
Are we able to verify the enviroment? Anonymous 2016-06-29 17:47:22 Post No. 55322147 [Report]
From the point of view of an user executed program, how do you know that the system you are being executed in is legit? This question came to my mind when i read that fingerprint reader of android phones or the android pay system requires selinux in enforced or root not activated, or not having a custom recovery, in order to be sure that it is used in a secure enviroment... But how does the program know if that one selinux that says is in enforced is in fact a true legit selinux in enforced and not a fake selinux created to fool the program into thinking it is a safe enviroment?
I mean, and overall thinking, is there a way to check if all the (linux or not) system you are into is really the system it says it is?
From a superuser point of view you can always build from sources and check files but from an user executed program, what can you do?
Because you know, you can always overwrite the SELinux system into a modified one that does the exactly same job except for specific things (for example, in order to see private info you wouldnt be able to see)
>>
Anonymous 2016-06-29 18:22:05 Post No.55322725
[Report]
Anonymous 2016-06-29 18:22:05 Post No.55322725 [Report]
no one? ;(
>>
Anonymous 2016-06-29 18:22:24 Post No.55322730
[Report]
Anonymous 2016-06-29 18:22:24 Post No.55322730 [Report]
The developer could publish signed binaries.
>>
Anonymous 2016-06-29 18:28:07 Post No.55322819
[Report]
Anonymous 2016-06-29 18:28:07 Post No.55322819 [Report]
Not really. OS can pretty much tell whatever it wants to programs running on it.
>>
Anonymous 2016-06-29 19:35:22 Post No.55324155
[Report]
Anonymous 2016-06-29 19:35:22 Post No.55324155 [Report]
>>55322147
Android Pay just checks if root is enabled, and if so, doesn't let you proceed. There's no security magic in it. You can patch out the check or have the OS lie about it.

It's just there to make it harder for people to fuck themselves (and Google who has to deal with their mess) when they have no idea what the possible implications are of simulatanously using custom roms, root access, Android pay and shitty fake puzzle&dragons cheaters.
>>
Anonymous 2016-06-29 19:38:37 Post No.55324212
[Report]
Anonymous 2016-06-29 19:38:37 Post No.55324212 [Report]
>>55322147
>an user
>an
>>
Anonymous 2016-06-29 19:40:18 Post No.55324244
[Report]
Anonymous 2016-06-29 19:40:18 Post No.55324244 [Report]
>>55324155
yea, i know, the question is if you can check if the system is legit
>>55324212
sorry mister dictionary, but you are in an international website
>>
Anonymous 2016-06-29 20:03:56 Post No.55324686
[Report]
Anonymous 2016-06-29 20:03:56 Post No.55324686 [Report]
>>55324244
>vocabulary == grammar
>in a website
I'm not him.
I am also not a native English speaker/writer, put in some effort.
>>
Anonymous 2016-06-29 20:06:12 Post No.55324730
[Report]
Anonymous 2016-06-29 20:06:12 Post No.55324730 [Report]
DUDE WEED LMAO
>>
Anonymous 2016-06-29 20:07:45 Post No.55324756
[Report]
Anonymous 2016-06-29 20:07:45 Post No.55324756 [Report]
>>55324686
put in some effort thinking, if i werent putting any effort i would not even be talking in english at all... just by thinking a little bit you would realise people could made mistakes...
Im very sorry for offending your grammar sense
>>
Anonymous 2016-06-29 20:11:38 Post No.55324831
[Report]
Anonymous 2016-06-29 20:11:38 Post No.55324831 [Report]
>>55322147
you can check (or used to be able to...) if the program is running on a VM from some small asm code. also, you can check for typical devices (PCI/CPU/...) used in VMs, like QEMU/VBOX disk or whatever. also, check for number of usable cores vs advertised in the CPU.
Thread posts: 11
Thread images: 1
[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y] [Search | Top | Home]

I'm aware that Imgur.com will stop allowing adult images since 15th of May. I'm taking actions to backup as much data as possible.
Read more on this topic here - https://archived.moe/talk/thread/1694/


If you need a post removed click on it's [Report] button and follow the instruction.
DMCA Content Takedown via dmca.com
All images are hosted on imgur.com.
If you like this website please support us by donating with Bitcoins at 16mKtbZiwW52BLkibtCr8jUg2KVUMTxVQ5
All trademarks and copyrights on this page are owned by their respective parties.
Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.
If you need information for a Poster - contact them.