[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)



On Mon, Dec 01, 2003 at 06:08:28PM +0100, Eduard Bloch wrote:
> Kinda off-topic but nowhere in the discussion the question of checking
> already installed files was adressed and it should be asked:

md5sums and signatures are most useful in the context of installation.
Post-installation, you cannot be guaranteed that an intrusion rootkit
doesn't compromise the md5sum files themselves. Using the installed
*.md5sum files to check the integrity gives you a false sense of
security unless those *.md5sum files are signed or CRC'd as well.
Regardless, using md5sums of selected files does not identify files that
are not part of that set.

A true IDS is needed, such as aide, tripwire, or cfengine to detect
post-installation intrusion.  Tie in aide or tripwire database
checks/updates with the apt.conf "PostInst" option in addition to a
daily cronjon to ensure the database is updated in a timely manner.

For install-time integrity checking, GnuPG signatures or the existing
chain of md5sum and signed Release files should be sufficient without
adding undue complexity.  Integration of debsigs would be a welcome
addition to dpkg.  Folling it's creation, does anyone have a case study
or success story hailing the usefulness of debsigs?

-- 
Chad Walstrom <chewie@wookimus.net>           http://www.wookimus.net/
           assert(expired(knowledge)); /* core dump */

Attachment: pgpaF9lMbdh1n.pgp
Description: PGP signature


Reply to: