Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)

To: debian-devel@lists.debian.org
Subject: Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
From: "Bernhard R. Link" <blink@informatik.uni-freiburg.de>
Date: Tue, 2 Dec 2003 14:01:23 +0100
Message-id: <[🔎] 20031202140123.A7688@ganymed.informatik.uni-freiburg.de>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20031201201140.GC1952@wookimus.net>; from chewie@wookimus.net on Mon, Dec 01, 2003 at 02:11:40PM -0600
References: <[🔎] 8765h0mzk1.fsf@mrvn.homelinux.org> <[🔎] 3FCB50A2.90907@beamnet.de> <[🔎] 20031201161124.GA21059@complete.org> <[🔎] 20031201170828.GA17611@zombie.inka.de> <[🔎] 20031201201140.GC1952@wookimus.net>

* Chad Walstrom <chewie@wookimus.net> [031201 22:28]:
> md5sums and signatures are most useful in the context of installation.
> Post-installation, you cannot be guaranteed that an intrusion rootkit
> doesn't compromise the md5sum files themselves. Using the installed
> *.md5sum files to check the integrity gives you a false sense of
> security unless those *.md5sum files are signed or CRC'd as well.

Someone using those md5sums stored there is comparable to someone using
the local md5sum utility or checking things from with the installed
kernel running.

> A true IDS is needed, such as aide, tripwire, or cfengine to detect
> post-installation intrusion.  Tie in aide or tripwire database
> checks/updates with the apt.conf "PostInst" option in addition to a
> daily cronjon to ensure the database is updated in a timely manner.

I think this is even more stupid than using *.md5sums. When they are
daily generated, you have no chance at all to be sure they are not
modified.

Hochachtungsvoll,
  Bernhard R. Link

-- 
Sendmail is like emacs: A nice operating system, but missing
an editor and a MTA.

Reply to:

Follow-Ups:
- Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: Chad Walstrom <chewie@wookimus.net>

References:
- Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Thomas Viehmann <tv@beamnet.de>
- Re: Revival of the signed debs discussion
  - From: John Goerzen <jgoerzen@complete.org>
- debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: Eduard Bloch <edi@gmx.de>
- Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: Chad Walstrom <chewie@wookimus.net>

Prev by Date: Re: [debian enterprise] sub-project planning
Next by Date: Re: Revival of the signed debs discussion
Previous by thread: Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
Next by thread: Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
Index(es):
- Date
- Thread