Re: Bug#540215: Introduce dh_checksums

To: debian-devel@lists.debian.org
Subject: Re: Bug#540215: Introduce dh_checksums
From: Russell Coker <russell@coker.com.au>
Date: Tue, 9 Mar 2010 11:14:23 +1100
Message-id: <[🔎] 201003091114.23871.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 20100308225913.GA25043@gnu.kitenet.net>
References: <[🔎] 874okyuov4.fsf@windlord.stanford.edu> <[🔎] 87d3zea1fu.fsf@windlord.stanford.edu> <[🔎] 20100308225913.GA25043@gnu.kitenet.net>

On Tue, 9 Mar 2010, Joey Hess <joeyh@debian.org> wrote:
> Russ Allbery wrote:
> > The missing link, in this validation scenario, is how to get a signed
> > copy of the MD5 checksums of the files in the package.
>
> That's one missing link. The other one is that there are innumerable
> ways for an attacker to inject bad behavior/backdoors onto a system
> without touching binaries originating from dpkg. Expecting debsums to
> protect against any form of attack is bound to result in a false sense
> of security; and AFAIK aide makes a credible[1] attempt at solving the
> same problem.

> [1] Though my SWAG is that it's still not complete when you consider
>     the boodloader, permissions of files in /dev, or subtly corrupted
>     partitions.

http://etbe.coker.com.au/2010/03/08/designing-secure-linux/

I blogged about some of these things yesterday.

-- 
russell@coker.com.au
http://etbe.coker.com.au/          My Main Blog
http://doc.coker.com.au/           My Documents Blog

Reply to:

References:
- Re: md5sums files
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: libgcrypt brain dead?
Next by Date: Re: libgcrypt brain dead?
Previous by thread: Re: Bug#540215: Introduce dh_checksums
Next by thread: Re: Bug#540215: Introduce dh_checksums
Index(es):
- Date
- Thread