[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#540215: Introduce dh_checksums

On Tue, 9 Mar 2010, Joey Hess <joeyh@debian.org> wrote:
> Russ Allbery wrote:
> > The missing link, in this validation scenario, is how to get a signed
> > copy of the MD5 checksums of the files in the package.
> That's one missing link. The other one is that there are innumerable
> ways for an attacker to inject bad behavior/backdoors onto a system
> without touching binaries originating from dpkg. Expecting debsums to
> protect against any form of attack is bound to result in a false sense
> of security; and AFAIK aide makes a credible[1] attempt at solving the
> same problem.

> [1] Though my SWAG is that it's still not complete when you consider
>     the boodloader, permissions of files in /dev, or subtly corrupted
>     partitions.


I blogged about some of these things yesterday.

http://etbe.coker.com.au/          My Main Blog
http://doc.coker.com.au/           My Documents Blog

Reply to: