Re: Secure apt-get
I'd first like to say that I'd second the idea of some sort of
signature for debian packages.
On Thu, Jan 18, 2001 at 10:53:16PM +0100, Goswin Brederlow wrote:
>
> But how likely is a man in the middle attack anyway? Use switches and
> strict routing and theres hardly anyone in the middle. The data comes
> from your isp to your router to your system. If you don't trust your
> router, your fault. If you don't trust your ISP, bad.
How about those routers hacked if they are maintained badly? I
remember seeing some posts about vulnerabilities on bugtraq some
time ago. How about somebody gaining access to a debian mirror or
somebody running a fake mirror? How about somebody else than you
downloading some packages for you?
At least the last point would warrant for a per-package
signature. I know this has to be done by an automated process and
will be much weaker than a sigature created by an individual. And
you would have to document that, too. E.g.: "dpkg --check-sigs:
Verify if the package was installed into the debian-archive by
checking an automatically generated signature"
I wonder how other vendors sign their packages. Do they really
have one person to sign all their packages? Which is no more
secure than using a programm, either, because this person would not
know much about the individual packages.
> By the way, how do you know that the debian keyring is what it claims
> to be? You know some maintainers and signed their keys, so they should
> be fine. What about all the other keys in the keyring? Are all keys in
> the keyring connected by signatures or are there groups of keys that
> don't have any signatures across the groups? If there are groups,
> maybe a man in the middle created such a false group. How would you
> know. Maybe you could write some code to check the connectivity of the
> keyring. :)
The answer is no. Just search the archives for the thread
"graphing the debian keyring" (September 2000) reveals the
following url:
http://www.chaosreigns.com/debian-keyring/
> PS: Just because your paranoid doesn't mean they are not waiting for you outside.
Hmm. I can't see anybody out there. Maybe they're already in my
apartment? ;)
Ingo
--
16 Hard coded constant for amount of room allowed for
cache align and faster forwarding (tunable)
-- seen in /usr/src/linux-2.2.14/net/TUNABLE
Reply to: