Re: MD5 sums of individual files?

To: hermit@bayview.com (William R. Ward)
Cc: debian-security@lists.debian.org
Subject: Re: MD5 sums of individual files?
From: Olaf Meeuwissen <olaf@epkowa.co.jp>
Date: 29 Mar 2001 12:58:32 +0900
Message-id: <[🔎] 87u24dtedz.fsf@frodo.epkowa.co.jp>
In-reply-to: <[🔎] m2hf0d9tya.fsf@komodo.bayview.com>
References: <[🔎] m2hf0d9tya.fsf@komodo.bayview.com>

hermit@bayview.com (William R. Ward) writes:

> One way to test if you have been hacked is to run an MD5 checksum of
> key binaries and look to see if it's been replaced by the intruder.
> Is there any place where the MD5 sums of individual executable files
> (not the .deb files, but the /usr/bin/xxxx files that come from them)
> can be obtained?

The info you're looking for can, for most packages at least, be found
in /var/lib/dpkg/info/*.md5sums.  These files have MD5 sums for all
files included in the .deb.

Note that if you get hacked you can no longer rely on these files (so
put them some place safe *before* you let other folks use or connect
to your machine).  Of course, /usr/bin/md5sum is also suspect and can
not be relied upon to tell you the truth.
-- 
Olaf Meeuwissen       Epson Kowa Corporation, Research and Development

Reply to:

Follow-Ups:
- Re: MD5 sums of individual files?
  - From: hermit@bayview.com (William R. Ward)

References:
- MD5 sums of individual files?
  - From: hermit@bayview.com (William R. Ward)

Prev by Date: MD5 sums of individual files?
Next by Date: Re: MD5 sums of individual files?
Previous by thread: MD5 sums of individual files?
Next by thread: Re: MD5 sums of individual files?
Index(es):
- Date
- Thread