Russ Allbery wrote:
> The missing link, in this validation scenario, is how to get a signed copy
> of the MD5 checksums of the files in the package.
That's one missing link. The other one is that there are innumerable
ways for an attacker to inject bad behavior/backdoors onto a system
without touching binaries originating from dpkg. Expecting debsums to
protect against any form of attack is bound to result in a false sense
of security; and AFAIK aide makes a credible[1] attempt at solving the
same problem.
--
see shy jo, who does not need to be CCed anymore on this thread
[1] Though my SWAG is that it's still not complete when you consider
the bootloader, permissions of files in /dev, or subtly corrupted
partitions.