Re: Bug#540215: Introduce dh_checksums
On Mon, 2010-03-08 at 19:57 -0800, Russ Allbery wrote:
> Joey Hess <email@example.com> writes:
> > Russ Allbery wrote:
> >> It's also always worth bearing in mind that while a really good
> >> attacker can do all sorts of complex things that make them very hard to
> >> find, most attackers are stupid and straightforward.
> > It's stupid and straightforward to install /usr/local/bin/ls. debsums
> > will not detect it.
> True. Adding new binaries is, in my experience, more common than
> modifying binaries already on the system.
> I don't really mean to be arguing for debsums as a security mechanism,
> more just commenting on the general question. I'm on the side that thinks
> that debsums isn't a horribly useful direction to go for full-blown
> intrusion detection, and that for what it's really useful for right now
> MD5 remains entirely adequate.
How do people know which binaries are still pristine, so they can keep
looking for issues elsewhere? (like added binaries and modified and
insecure configuration file...)
Not everyone uses aide (popcon: 0.49%).
What solution do we have for Joe user (whom did not install aide)?
What's the agenda for squeeze and squeeze+1?
Who is actually stepping up to do the Job?
Please, let's do the easy move *now* for Squeeze, using shasums, and go
ahead later with an even better solution. This transition can be quick,
it will remain quite unnoticed by people that aren't interested, but it
will be appreciated by people who want to use it.
Franklin Piat | The better is the enemy of the good. (Voltaire)