
RE: Root Kit Protection



> 2) each package has a md5sum list of every file it contains, this list
> is signed by the maintainer's GnuPG key. when a package is installed
> this signed list is added to the system list.  I think this might be
> rather slow as a verification has to perform many separate signature
> verifications (1000 packages installed, 1000 GnuPG signatures to check,
> one for each package list)
>

Most of this information is already present in the dpkg/apt database.
You can already determine which package a file belongs to using dpkg,
so it should be possible to also include an md5sum for each such package.

It might even make sense to limit these md5sums to executables (meaning
libraries, executable binaries, and executable scripts).  Documentation,
graphics, sound files, etc., are probably not as critical to protect.

This "database" could then be something that would be updated using
apt-get update or similar.
 
> 3) md5sums of all files are gathered together in a single database
> (either by gathering the md5sums from the packages, or less preferably
> scanning the disk) and that database is re-signed every time it's
> updated by the administrator's private GnuPG key.  
> 

I don't think this would be useful (at least by itself) because the 
administrator could inadvertently sign cracked binaries.  If the system
is compromised I don't think we can trust it.  We can trust a list of
md5sums signed by a trusted key, because tampering with the list would
prevent the signature from validating.  Of course, this could be
circumvented by an attacker cracking Master, but if that's the case all
bets are off anyway, so I don't think we lose much by making this
assumption.

-Brent
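The two points above (check only executables against a per-package md5sum list, and trust that list only after its signature from a key the compromised host does not hold has been verified) can be seen end to end in the following added example. It is not code from the thread or from dpkg/apt: the tree, the file contents and the key are constructed for the demo, the `.md5sums` line format is the dpkg one, and the maintainer's GnuPG detached signature is replaced by an HMAC-SHA256 stand-in so the script runs offline with the standard library only; the verify-then-check ordering and the forged-list rejection are what the real design relies on.

```python
import hashlib
import hmac
import os
import stat
import tempfile


def parse_md5sums(text):
    """Parse a dpkg-style .md5sums list: one '<hex md5>  <relative path>' per line."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, path = line.split(None, 1)
        entries[path] = digest.lower()
    return entries


def sign_list(manifest, key):
    """Stand-in for the maintainer's detached GnuPG signature (HMAC-SHA256, demo only)."""
    return hmac.new(key, manifest, hashlib.sha256).hexdigest()


def verify_list_signature(manifest, signature, key):
    """Reject the list outright if the signature does not match the bytes we were handed."""
    return hmac.compare_digest(sign_list(manifest, key), signature)


def is_executable(path):
    st = os.stat(path)
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & 0o111)


def md5_of_file(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_executables(root, entries):
    """Compare on-disk executables against an already-verified md5 list.

    Non-executable files (docs, graphics, ...) are skipped, as the message proposes.
    The list carries no mode bits, so a missing file is reported whatever its kind.
    Returns {relative_path: "missing" | "modified"} for the files that fail."""
    problems = {}
    for rel, expected in entries.items():
        full = os.path.join(root, rel)
        if not os.path.exists(full):
            problems[rel] = "missing"
        elif is_executable(full) and md5_of_file(full) != expected:
            problems[rel] = "modified"
    return problems


def run_demo():
    """Constructed scenario: a two-file 'package', its signed list, then an intruder."""
    key = b"hypothetical-maintainer-key"  # stand-in for the maintainer's private key
    original_ls = b"#!/bin/sh\necho original ls\n"
    trojaned_ls = b"#!/bin/sh\necho trojaned ls\n"
    files = {
        "usr/bin/ls": (original_ls, 0o755),
        "usr/share/doc/ls/README": (b"documentation, not critical\n", 0o644),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (data, mode) in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
            os.chmod(full, mode)

        # The list is produced and signed on the trusted build host, not on this system.
        manifest = "".join(
            f"{hashlib.md5(data).hexdigest()}  {rel}\n" for rel, (data, _) in files.items()
        ).encode()
        signature = sign_list(manifest, key)
        entries = parse_md5sums(manifest.decode())
        clean = check_executables(root, entries)

        # Intruder replaces the binary and defaces the documentation.
        with open(os.path.join(root, "usr/bin/ls"), "wb") as f:
            f.write(trojaned_ls)
        with open(os.path.join(root, "usr/share/doc/ls/README"), "ab") as f:
            f.write(b"defaced\n")
        tampered = check_executables(root, entries)

        # Intruder also edits the list so the trojan's md5 matches: the signature now fails.
        forged = manifest.replace(
            hashlib.md5(original_ls).hexdigest().encode(),
            hashlib.md5(trojaned_ls).hexdigest().encode(),
        )
        return {
            "genuine_list_verifies": verify_list_signature(manifest, signature, key),
            "forged_list_verifies": verify_list_signature(forged, signature, key),
            "clean": clean,
            "tampered": tampered,
        }


if __name__ == "__main__":
    print(run_demo())
```

The ordering matters: `verify_list_signature` is run on the list bytes before `check_executables` ever reads a file, so a list rewritten on the cracked host is thrown away rather than used to bless the trojaned binary. The defaced README is deliberately not reported, which is the trade-off of restricting the check to executables.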

