On Mon, Apr 21, 2003 at 01:52:18PM +0100, Steve Kemp wrote: > On Mon, Apr 21, 2003 at 09:05:58AM +0200, Javier Fern?ndez-Sanguino Pe?a wrote: > > > It doesn't tackle the issue of dpkg _not_ storing filesystem permissions. > > This makes it not feasible to easily recover the system after a 'chmod -R > > go-rwx /' besides reinstalling all the packages (that's why I pointed to > > #187019) > > One of the things the standalone checksecurity package was going to do > was maintain a `database` of file modes, permissions, and their > checksums. That's what Tiger calls 'signatures'. It's pretty easy to do at the moment, but I have not updated signatures for Debian for quite some time. If you intend to keep a database you also have to consider that for every patch (i.e. security update in a DSA) you need to regenerate it.. > > Sadly this hasn't happened yet, but if it does get split away from the > cron package then I would be happy to implement all the required > features. > Well, we discussed about this but no-one stepped over to implement it. I believe the cron package maintainer would be very grateful if someone implemented a 'checksecurity' package which fixed all its current bugs (#102186, #171980, #177120, #31902, #46779, #54376, #59809, #138484, #154390, #163813, #176090) taking over its maintenance. Regards Javi PS: IMHO checksecurity should be priority Standard and should implement much more checks than it currently does. Unfortunately, I'm already working with Tiger and cannot work on this but I would really appreciate if someone helped out here.
Attachment:
pgpdoPpv2pAxj.pgp
Description: PGP signature