Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
* Chad Walstrom <firstname.lastname@example.org> [031201 22:28]:
> md5sums and signatures are most useful in the context of installation.
> Post-installation, you cannot be guaranteed that an intrusion rootkit
> doesn't compromise the md5sum files themselves. Using the installed
> *.md5sum files to check the integrity gives you a false sense of
> security unless those *.md5sum files are signed or CRC'd as well.
Someone using those md5sums stored there is comparable to someone using
the local md5sum utility or checking things from with the installed
> A true IDS is needed, such as aide, tripwire, or cfengine to detect
> post-installation intrusion. Tie in aide or tripwire database
> checks/updates with the apt.conf "PostInst" option in addition to a
> daily cronjon to ensure the database is updated in a timely manner.
I think this is even more stupid than using *.md5sums. When they are
daily generated, you have no chance at all to be sure they are not
Bernhard R. Link
Sendmail is like emacs: A nice operating system, but missing
an editor and a MTA.