[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5sums files

On Wed, Mar 03, 2010 at 03:16:08PM +0100, Bernhard R. Link wrote:
> * Harald Braumann <harry@unheit.net> [100303 14:49]:
> > But it would be great if the whole chain, from beginning to end, was
> > secured, even against a malicious and presumably very powerful attackers.
> Checksums for files coming from packages is not really useful to defend
> against attackers (it's really only reliablity and not security):
> - an attacker can just divert any binary away and put it's own there.
It's not about preventing an attack, but detecting it. With cryptographically
strong hashes/signatures in place, you can audit the system. Of course you'd 
have to boot from a trusted medium. How would you do that without signatures?

> - an attacker can just add some additional binary where it will override
>   another one (/sbin overriding /usr/sbin and so on).
> - an attacker can add things to configuration and startup files
>   (thanks to .d directories you often not even need changing but only
>    adding files), including search binary or library paths, so one could
>   add binaries or behaviour changing libraries in directories not
>   looking that suspicious.
Yes, a full IDS needs additional work. It would have to check for files
without hashes/signatures and would have to allow you to hash and sign
files in /etc, /usr/local, /opt, whatever).

> Most of those things can perhaps be fixed, but it needs much work
> than just replacing some hash. (And many of those tasks might also
> improve other areas (like http://packages.debian.org/cruft also having
> the problem that packages create so many files and there is no way a
> package can tell such programs where they are).

Reply to: