Re: Bug#540215: Introduce dh_checksums
Joey Hess <email@example.com> writes:
> Russ Allbery wrote:
>> It's also always worth bearing in mind that while a really good
>> attacker can do all sorts of complex things that make them very hard to
>> find, most attackers are stupid and straightforward.
> It's stupid and straightforward to install /usr/local/bin/ls. debsums
> will not detect it.
True. Adding new binaries is, in my experience, more common than
modifying binaries already on the system.
I don't really mean to be arguing for debsums as a security mechanism,
more just commenting on the general question. I'm on the side that thinks
that debsums isn't a horribly useful direction to go for full-blown
intrusion detection, and that for what it's really useful for right now
MD5 remains entirely adequate.
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>
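The gap the thread describes, as an added example that is not part of the original messages or of debsums itself: a simplified debsums-style verifier reads manifests in the `/var/lib/dpkg/info/<pkg>.md5sums` layout (`<md5hex>  <path relative to />`), and a second check, which debsums does not perform, walks PATH-order directories for executables no manifest claims. The directory tree, the single "coreutils" manifest, and the unpackaged `usr/local/bin/ls` are constructed in a temporary directory so the script runs offline.

```python
"""Added example (not debsums code): checksum verification versus the
unpackaged-binary check it does not do. Manifest format and tree are
constructed to mimic dpkg's .md5sums files, not read from a real system."""
import hashlib
import os
import stat
import tempfile


def md5_file(path):
    """Hex MD5 of a file, read in chunks (the digest dpkg's .md5sums carry)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_md5sums(text):
    """Parse a dpkg-style .md5sums manifest into {relative_path: md5hex}.
    maxsplit=1 keeps paths that contain spaces intact."""
    out = {}
    for line in text.splitlines():
        if line.strip():
            digest, rel = line.split(None, 1)
            out[rel] = digest
    return out


def debsums_check(root, manifests):
    """What debsums does: compare every packaged file against its manifest.
    Returns [(relative_path, 'missing'|'modified'), ...]; [] means clean."""
    problems = []
    for manifest in manifests.values():
        for rel, expected in parse_md5sums(manifest).items():
            full = os.path.join(root, rel)
            if not os.path.exists(full):
                problems.append((rel, "missing"))
            elif md5_file(full) != expected:
                problems.append((rel, "modified"))
    return problems


def unpackaged_executables(root, manifests, search_dirs):
    """What debsums does not do: executables in PATH directories that no
    package manifest lists. Mode bits are checked via stat, not os.access."""
    packaged = set()
    for manifest in manifests.values():
        packaged.update(parse_md5sums(manifest))
    found = []
    for d in search_dirs:
        full_dir = os.path.join(root, d)
        if not os.path.isdir(full_dir):
            continue
        for name in sorted(os.listdir(full_dir)):
            rel = os.path.join(d, name)
            st = os.stat(os.path.join(root, rel))
            if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111 and rel not in packaged:
                found.append(rel)
    return found


def build_demo_tree():
    """Constructed tree: a packaged bin/ls with a manifest entry, plus an
    unpackaged usr/local/bin/ls that shadows it earlier on a typical PATH."""
    root = tempfile.mkdtemp(prefix="debsums-demo-")
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "usr", "local", "bin"))
    real_ls = os.path.join(root, "bin", "ls")
    with open(real_ls, "wb") as f:
        f.write(b"#!/bin/sh\n# packaged ls (constructed stand-in)\n")
    os.chmod(real_ls, 0o755)
    manifests = {"coreutils": f"{md5_file(real_ls)}  bin/ls\n"}
    rogue = os.path.join(root, "usr", "local", "bin", "ls")
    with open(rogue, "wb") as f:
        f.write(b"#!/bin/sh\n# not listed in any package manifest\n")
    os.chmod(rogue, 0o755)
    return root, manifests


def tamper_with_packaged_ls(root):
    """Append to the packaged file so the checksum check has something to catch."""
    with open(os.path.join(root, "bin", "ls"), "ab") as f:
        f.write(b"# appended byte\n")


def run_demo():
    root, manifests = build_demo_tree()
    path_dirs = ["usr/local/bin", "bin"]  # /usr/local/bin precedes /bin on PATH
    return debsums_check(root, manifests), unpackaged_executables(root, manifests, path_dirs)


if __name__ == "__main__":
    problems, rogue = run_demo()
    print("debsums-style problems:", problems)        # []
    print("unpackaged executables on PATH:", rogue)   # ['usr/local/bin/ls']
```

The checksum pass reports nothing because no packaged file changed, while the PATH walk finds the extra `ls`; only after `tamper_with_packaged_ls` does the checksum pass report `bin/ls` as modified. That ordering is the point of the exchange: a manifest-based check only sees files it has a manifest for.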