From: Jeff Barber <jeffb@sware.com>
??? An upload can be automated, just like anything other solution.
Then the automated part (script or whatever) simply becomes another piece that needs to be protected. There need be no part of the script/etc. that relies upon persistent information on the target machine. You can simulate the whole thing as typing, if need be. You've merely added the compiler and its associated utilities to your regression list. It occurs to me that there's no need even to use the compiler, if you're willing to upload binary images directly. And if you want to use the compiler, the effort involved in making a recognizer for an ever mutating source is not trivial. Variable names can change, parse trees can change, control structures can change. Nothing is gained -- other than additional irritation and delay. Additional cost of subversion is _exactly_ the issue here. We're not talking about perfect security; that's impossible in this case, and has been acknowledged as impossible. What is at issue is making it difficult for a not-completely-dedicated-to-your-destruction sysadmin to subvert personal files. Furthermore, the pragmatics of a personal tripwire are that it only needs to indicate failure once. As soon as I found out that my files weren't safe in their place of residence, I'd leave. The practical question should not be one of fighting a running battle with a hostile root; root always wins, period. A useful outcome of this discussion would be a feasible way of detecting the first modification. Almost always this will not be a full-scale effort. Eric