checking system integrity
Previously there were proposals on this mailing list to check the
system integrity, by saving the md5sums of files. However, this
has a number of limitations:
- no way to ensure md5sum is not altered (unless stored on read-only
- no way to check symlinks.
- no way to check other parameters, eg. permissions, and file size
(people have said just checking the md5sum by itself is not good
enough, you need to check the size, too).
So, I have started off by writing perl scripts that
a) construct an index file (XML based) that records parameters of the
file (eg md5sum, size, symlink).
b) allows signing this file (as many times as required) with gpg. eg.
you could sign the file on the original computer, securely transfer it
to another, and sign it with another key there.
All files are combined into one ar archive.
So basically I reduce the problem from "has file X changed" to "are
the public keys correct and the programs used to validate this
(note: the signatures could be validated on another computer too, if
you trust it more).
Probably the hardest bit is ensuring that the program carries out its
checks on files correctly. Ideally the program should be statically
linked in compiled form, so it can be run from read-only floppy disk,
for instance (currently it is written in Perl).
Although it works, there are a number of implementation issues I still
need to fix (eg. rewriting it in C).
Brian May <firstname.lastname@example.org>
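The index-and-compare core of the scheme described above, as an added example in Python (not the Perl scripts from the mail): each entry records type, mode, size, content hash and symlink target, so a same-size edit and a re-pointed symlink are both caught, which is exactly what a bare md5sum list misses. Assumptions: sha256 stands in for md5sum, a JSON dict stands in for the XML index, and signing the serialised index with gpg is left outside the block.

```python
import hashlib
import json
import os
import pathlib
import stat
import tempfile

def _record(path):
    """Describe one entry via lstat, so a symlink is recorded as itself, not as its target."""
    st = os.lstat(path)
    rec = {"type": "other", "mode": oct(stat.S_IMODE(st.st_mode)), "size": st.st_size}
    if stat.S_ISLNK(st.st_mode):
        rec["type"], rec["target"] = "symlink", os.readlink(path)
    elif stat.S_ISREG(st.st_mode):
        # whole file in memory for brevity; stream in chunks for large files
        rec["type"], rec["sha256"] = "file", hashlib.sha256(pathlib.Path(path).read_bytes()).hexdigest()
    return rec

def build_index(root):
    """Walk root without following links; the result is what you would serialise and sign."""
    index = {}
    for dirpath, dirnames, filenames in os.walk(root):
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]  # symlinked dirs
        for name in filenames + links:
            full = os.path.join(dirpath, name)
            index[os.path.relpath(full, root)] = _record(full)
    return index

def compare(baseline, current):
    """Return sorted [(path, reason)] for every entry that differs from the signed baseline."""
    drift = []
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            drift.append((path, "missing"))
            continue
        drift += [(path, f"{k} changed") for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)]
    drift += [(path, "added") for path in current if path not in baseline]
    return sorted(drift)

def demo():
    """Constructed scenario: a same-size content edit and a re-pointed symlink are both caught."""
    with tempfile.TemporaryDirectory() as root:
        pathlib.Path(root, "a.conf").write_text("hello")
        os.symlink("a.conf", os.path.join(root, "link"))
        baseline = json.loads(json.dumps(build_index(root)))  # round-trip as it would be stored
        pathlib.Path(root, "a.conf").write_text("jello")  # same size: a size-only check misses this
        os.remove(os.path.join(root, "link"))
        os.symlink("b.conf", os.path.join(root, "link"))  # same-length target: only "target" differs
        return compare(baseline, build_index(root))
```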