Re: Bug#540215: Introduce dh_checksums
* Harald Braumann <email@example.com> [100309 13:59]:
> On Mon, Mar 08, 2010 at 10:49:54PM -0500, Joey Hess wrote:
> > Russ Allbery wrote:
> > > It's also always worth bearing in mind that while a really good attacker
> > > can do all sorts of complex things that make them very hard to find, most
> > > attackers are stupid and straightforward.
> > It's stupid and straightforward to install /usr/local/bin/ls. debsums
> > will not detect it.
> And it's as straightforward to find files which don't belong to any
> package and have some other means in place to check locally generated
It it's that straight forward, please help with the cruft package.
Last time I looked (several years ago) it was severly limited by that
problem (there not being a way to know which files should be there and
I personally think without something in this direction, intrusion
detection based on file lists is not really possible.
Bernhard R. Link
"Never contain programs so few bugs, as when no debugging tools are available!"