[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Root Kit Protection

-----BEGIN PGP SIGNED MESSAGE-----


On 17-Feb-2000 Johno Sullivan wrote:
> If security is the primary concern over everything else, why not make an
> iso image using all the parts of the filesystem that you want to be
> read-only - slap it on a cd and mount a few hdd partitions off of it for
> areas you need to write to. rootkit that! It only costs a
> pound/dollar/whatever each time you want to make some changes to the
> read-only parts.

And mount everything else noexec, nosuid, nodev. 

Good point, but few people will do it in real life. So having a set of MD5
sums, clean media to boot is still a good idea. 

Back on topic: 

RFC: is it possible to maintain a collection of MD5s of all executables in all
package versions for debian-stable (at least) and query this somehow so people
can verify stuff when they are unsure. 

F.E. what is the MD5 sum of mount in debian alpha from package versioned
2.10d-4 supposed to be? Right now you can get only the DEB checksum

http as a method will do...

- ----------------------------------
Anton R. Ivanov
IP Engineer Level3 Communications
RIPE: ARI2-RIPE      E-Mail: Anton Ivanov <aivanov@eu.level3.net>
@*** May's Law ***
      The quality of the correlation is inversely proportional to the
      density of the control (the fewer the facts, the smoother the
      curves).

- ----------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQEVAwUBOKwK9ylWAw/bM84zAQGCzgf8DRtAroodWxFyaCjEbObFPmG+u0xbB8OA
51wcNOLVTHwQ/3LeZpjD4Ra4OIsICVPvzLK/OtBDyJalvJhDnU6247NtEFq9QwaU
LPVqtw4yZUPIHiMGIFC4c9129NXFo9pZvLVqqICjhEB7T/C428V+rAHADKqf55O8
SZ0DOPc4fX55zrAvOnhbcQKaNmPm1wKOyykE2n8Gt8vhYjpXSOjnTE1Rs2kxU3UH
U6x6jgXK8rTqml/zsuPNgAWAK04gOwcG+2ye08nskPZAjVOtu4dzn7ha4Y0nDo5J
oilaubm15LoSypzIsUNsgb/Z+vljjkCUS5M2V40Z3Z7BtD6alpbO3A==
=hzSp
-----END PGP SIGNATURE-----
Reply to: