Re: Bug#540215: Introduce dh_checksums

Joey Hess <joeyh@debian.org> writes:
> Russ Allbery wrote:

>> It's also always worth bearing in mind that while a really good
>> attacker can do all sorts of complex things that make them very hard to
>> find, most attackers are stupid and straightforward.

> It's stupid and straightforward to install /usr/local/bin/ls. debsums
> will not detect it.

True.  Adding new binaries is, in my experience, more common than
modifying binaries already on the system.

I don't really mean to be arguing for debsums as a security mechanism,
more just commenting on the general question.  I'm on the side that thinks
that debsums isn't a horribly useful direction to go for full-blown
intrusion detection, and that for what it's really useful for right now
MD5 remains entirely adequate.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
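To make the gap discussed above concrete, here is an added illustration (not code from this thread, and not debsums' own code) that mimics the manifest-only check debsums performs over a constructed filesystem, then runs the extra check debsums does not do: finding files that no package manifest lists but that shadow a packaged command earlier in PATH. The `.md5sums` text, the filesystem dictionary and the PATH order are constructed samples.

```python
import hashlib
import posixpath

# Constructed sample of /var/lib/dpkg/info/coreutils.md5sums (abbreviated).
# Format: "<md5 hex>  <path relative to />". The digests are md5("").
COREUTILS_MD5SUMS = """\
d41d8cd98f00b204e9800998ecf8427e  bin/ls
d41d8cd98f00b204e9800998ecf8427e  bin/cat
"""

# Constructed stand-in for the filesystem: absolute path -> file contents.
# The packaged binaries are empty so they match the manifest; the
# unpackaged /usr/local/bin/ls is the case from the mail above.
FAKE_FS = {
    "/bin/ls": b"",
    "/bin/cat": b"",
    "/usr/local/bin/ls": b"#!/bin/sh\nexec /bin/ls \"$@\"\n",
}

def parse_md5sums(text):
    """Return {absolute path: expected md5 hex} from .md5sums content."""
    manifest = {}
    for line in text.splitlines():
        if line.strip():
            digest, rel = line.split(None, 1)
            manifest["/" + rel] = digest
    return manifest

def debsums_check(manifest, fs):
    """What debsums does: hash only the files the manifest lists.
    Returns the listed paths that are missing or modified."""
    changed = []
    for path, expected in manifest.items():
        data = fs.get(path)
        if data is None or hashlib.md5(data).hexdigest() != expected:
            changed.append(path)
    return changed

def unmanaged_shadows(path_dirs, manifest, fs):
    """What debsums cannot do: report files that are in no manifest but
    sit in an earlier PATH directory than a packaged command of the same
    name. Returns (shadowing path, packaged path) pairs."""
    packaged = {posixpath.basename(p): p for p in manifest}
    hits = []
    for i, d in enumerate(path_dirs):
        for path in sorted(fs):
            if posixpath.dirname(path) != d or path in manifest:
                continue
            target = packaged.get(posixpath.basename(path))
            if target and posixpath.dirname(target) in path_dirs[i + 1:]:
                hits.append((path, target))
    return hits
```

Run against the sample, `debsums_check` reports nothing while `unmanaged_shadows` flags `/usr/local/bin/ls` shadowing `/bin/ls`.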

