[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5 checksums

On Mon, Apr 21, 2003 at 01:52:18PM +0100, Steve Kemp wrote:
> On Mon, Apr 21, 2003 at 09:05:58AM +0200, Javier Fern?ndez-Sanguino Pe?a wrote:
> > It doesn't tackle the issue of dpkg _not_ storing filesystem permissions. 
> > This makes it not feasible to easily recover the system after a 'chmod -R
> > go-rwx /' besides reinstalling all the packages (that's why I pointed to 
> > #187019)
>   One of the things the standalone checksecurity package was going to do
>  was maintain a `database` of file modes, permissions, and their
>  checksums.

That's what Tiger calls 'signatures'. It's pretty easy to do at the moment, 
but I have not updated signatures for Debian for quite some time. If you 
intend to keep a database you also have to consider that for every patch 
(i.e. security update in a DSA) you need to regenerate it..

>   Sadly this hasn't happened yet, but if it does get split away from the
>  cron package then I would be happy to implement all the required
>  features.

Well, we discussed about this but no-one stepped over to implement it. I 
believe the cron package maintainer would be very grateful if someone 
implemented a 'checksecurity' package which fixed all its current bugs 
(#102186, #171980, #177120, #31902, #46779, #54376, #59809, #138484, 
#154390, #163813, #176090) taking over its maintenance.



PS: IMHO checksecurity should be priority Standard and should implement 
much more checks than it currently does. Unfortunately, I'm already working 
with Tiger and cannot work on this but I would really appreciate if someone 
helped out here.

Attachment: pgpdoPpv2pAxj.pgp
Description: PGP signature

Reply to: