[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5sums (was Re: System integrity...)


Am Mon, 14 Jun 1999 schrieb Chris:
> On Sun, Jun 13, 1999 at 03:46:42AM +0200, Martin Bialasinski wrote:
> <snip> 
> > CL> What is the criteria that determines which packages get .md5sums
> > CL> files stored in /var/lib/dpkg/info/ ??
> > 
> > The file is created during debian/rules binary by dh_md5sums or other
> > means.
> > 
> Yes...but I wasn't sure if there was policy requirement for this or not(?).
> Or is it just "a good thing"(TM)?
Is it a policy requirement ? If it is not, we may discuss about adding it. I
know there were discussions concerning that but I think we should take the 
(very good) statements mentioned in the last days into account.

> Would it be difficult to extract the md5 information from a debian package
> to store in a seperate record on a debian server (similar to package info
> stored in the package lists)?  We could then enhance debsums to download and
> use these records (which would hopefully be free from corruption/error).
dpkg-deb --info <debian-pacakge-file> md5sums

How much work would it be to create scripts for creating these records and to
enhance debsums ?
> This would be particularily usefull for people who want to verify installations
> that have been "hacked" (similar to the way tripwire requires a database
> on read-only media).  Having .md5sums on the local system isn't overly usefull
> for this, as they could be as easily modified as any system binaries.
I am in desperate need of such a verification method, as I am developing a
Debian-based firewall. We could also simply store the md5sums on a local,
read-only media (a cd-rom, a floppy, ...). But then dpkg has to be changed so
that we can configure the location of all security-related files (or can this
be done now ?) .


Rene Mayrhofer, ViaNova KEG             NIC-HDL: RM1677-RIPE
Email: rmayr@vianova.at                 Snail: Penz 217, A-4441 Behamberg

PGP(DSS): E661 2E45 9B7F B239 D422  0A90 A4C2 DA09 F72F 6EC5
PGP(D/H): B77F 51A8 B046 87A6 4D61  2C5D 742F F433 6732 E4DC
PGP(RSA): 5D D4 FD A6 CE AF 4B 82  67 7F 59 89 58 CA 61 0D
GPG:      5E50 BDA0 E0B7 75A7 08AA  1123 0A4C 9474 CAA2 658B

Version: PGPfreeware 5.0i for non-commercial use
MessageID: uSEkxMCN89YH38dfc+O3vsL+JM90PFNf


Reply to: