Re: Bug#540215: Introduce dh_checksums

To: debian-devel@lists.debian.org
Subject: Re: Bug#540215: Introduce dh_checksums
From: Russ Allbery <rra@debian.org>
Date: Mon, 08 Mar 2010 19:57:52 -0800
Message-id: <[🔎] 87d3zeuoxr.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 20100309034954.GA4125@gnu.kitenet.net> (Joey Hess's message of "Mon, 8 Mar 2010 22:49:54 -0500")
References: <[🔎] slrnhosifd.rmi.trash@kelgar.0x539.de> <[🔎] 1267650344.8266.262.camel@solid.paris.klabs.be> <[🔎] 87bpf3vrai.fsf@qurzaw.linpro.no> <[🔎] 1268066168.21347.9661.camel@solid.paris.klabs.be> <[🔎] 87wrxmbkdn.fsf@windlord.stanford.edu> <[🔎] 1268085864.21347.11498.camel@solid.paris.klabs.be> <[🔎] 87d3zea1fu.fsf@windlord.stanford.edu> <[🔎] 20100308225913.GA25043@gnu.kitenet.net> <[🔎] 20100309033842.GB15017@nn.nn> <[🔎] 87k4tmupju.fsf@windlord.stanford.edu> <[🔎] 20100309034954.GA4125@gnu.kitenet.net>

Joey Hess <joeyh@debian.org> writes:
> Russ Allbery wrote:

>> It's also always worth bearing in mind that while a really good
>> attacker can do all sorts of complex things that make them very hard to
>> find, most attackers are stupid and straightforward.

> It's stupid and straightforward to install /usr/local/bin/ls. debsums
> will not detect it.

True.  Adding new binaries is, in my experience, more common than
modifying binaries already on the system.

I don't really mean to be arguing for debsums as a security mechanism,
more just commenting on the general question.  I'm on the side that thinks
that debsums isn't a horribly useful direction to go for full-blown
intrusion detection, and that for what it's really useful for right now
MD5 remains entirely adequate.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Bug#540215: Introduce dh_checksums
  - From: Frank Lin PIAT <fpiat@klabs.be>
- Re: Bug#540215: Introduce dh_checksums
  - From: Anthony Towns <aj@erisian.com.au>

References:
- Re: md5sums files
  - From: Philipp Kern <trash@philkern.de>
- Re: md5sums files
  - From: Frank Lin PIAT <fpiat@klabs.be>
- Re: md5sums files
  - From: Tollef Fog Heen <tfheen@err.no>
- Bug#540215: Introduce dh_checksums
  - From: Frank Lin PIAT <fpiat@klabs.be>
- Re: Bug#540215: Introduce dh_checksums
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Frank Lin PIAT <fpiat@klabs.be>
- Re: Bug#540215: Introduce dh_checksums
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Joey Hess <joeyh@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Harald Braumann <harry@unheit.net>
- Re: Bug#540215: Introduce dh_checksums
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: Bug#540215: Introduce dh_checksums
Next by Date: Re: Has Debian abandoned Python?
Previous by thread: Re: Bug#540215: Introduce dh_checksums
Next by thread: Re: Bug#540215: Introduce dh_checksums
Index(es):
- Date
- Thread