Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)

* Chad Walstrom <chewie@wookimus.net> [031201 22:28]:
> md5sums and signatures are most useful in the context of installation.
> Post-installation, you cannot be guaranteed that an intrusion rootkit
> doesn't compromise the md5sum files themselves. Using the installed
> *.md5sum files to check the integrity gives you a false sense of
> security unless those *.md5sum files are signed or CRC'd as well.

Someone using those md5sums stored there is comparable to someone using
the local md5sum utility or checking things from within the installed
kernel running.

> A true IDS is needed, such as aide, tripwire, or cfengine to detect
> post-installation intrusion.  Tie in aide or tripwire database
> checks/updates with the apt.conf "PostInst" option in addition to a
> daily cronjob to ensure the database is updated in a timely manner.

I think this is even more stupid than using *.md5sums. When they are
daily generated, you have no chance at all to be sure they are not

  Bernhard R. Link

Sendmail is like emacs: A nice operating system, but missing
an editor and a MTA.
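
The concern quoted at the top of this message, that checksum lists stored on the host prove little unless they are protected themselves, shown as an added example that is not part of the original thread. The file names, the constructed sample contents and the idea of keeping a SHA-256 of the manifest off-host are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

def md5_of(path):
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest()

def write_manifest(root, names, manifest):
    """Write 'md5hex  relative/path' lines, the layout of dpkg's *.md5sums files."""
    with open(manifest, "w") as fh:
        for name in names:
            fh.write(f"{md5_of(os.path.join(root, name))}  {name}\n")

def check_manifest(root, manifest):
    """Return the files whose current MD5 differs from the manifest entry."""
    bad = []
    with open(manifest) as fh:
        for line in fh:
            digest, name = line.rstrip("\n").split("  ", 1)
            if md5_of(os.path.join(root, name)) != digest:
                bad.append(name)
    return bad

def manifest_pin(manifest):
    """SHA-256 of the manifest itself; assumed to be kept off-host."""
    with open(manifest, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def demo():
    with tempfile.TemporaryDirectory() as root:
        names = ["bin/tool"]                      # hypothetical package file
        os.makedirs(os.path.join(root, "bin"))
        target = os.path.join(root, "bin/tool")
        manifest = os.path.join(root, "pkg.md5sums")
        with open(target, "w") as fh:
            fh.write("original contents\n")       # constructed sample data
        write_manifest(root, names, manifest)
        pin = manifest_pin(manifest)              # recorded at install time

        with open(target, "w") as fh:
            fh.write("modified contents\n")       # file changed, manifest untouched
        file_only = check_manifest(root, manifest)

        write_manifest(root, names, manifest)     # manifest regenerated on the same host
        both = check_manifest(root, manifest)
        return file_only, both, manifest_pin(manifest) == pin

if __name__ == "__main__":
    print(demo())   # (['bin/tool'], [], False)
```

The local check reports the changed file only while the manifest is untouched; once the manifest is regenerated on the same host the local check is clean, and only the comparison against the separately kept digest still fails.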

