
Re: Bug#540215: Introduce dh_checksums



* Harald Braumann <harry@unheit.net> [100309 13:59]:
> On Mon, Mar 08, 2010 at 10:49:54PM -0500, Joey Hess wrote:
> > Russ Allbery wrote:
> > > It's also always worth bearing in mind that while a really good attacker
> > > can do all sorts of complex things that make them very hard to find, most
> > > attackers are stupid and straightforward.
> >
> > It's stupid and straightforward to install /usr/local/bin/ls. debsums
> > will not detect it.
>
> And it's as straightforward to find files which don't belong to any
> package and have some other means in place to check locally generated
> files.

If it's that straightforward, please help with the cruft package.
Last time I looked (several years ago) it was severely limited by that
problem (there not being a way to know which files should be there and
which not).

I personally think without something in this direction, intrusion
detection based on file lists is not really possible.

Respectfully,
	Bernhard R. Link
-- 
"Never contain programs so few bugs, as when no debugging tools are available!"
	Niklaus Wirth
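
An added illustration of the check debated in this thread, not part of the original message and not code from debsums or cruft: it compares files on disk against the union of package file lists (on Debian these are the /var/lib/dpkg/info/*.list files). The directory tree, the list contents and the `exampled` package are constructed sample data.

```python
import os
import tempfile

# Constructed stand-ins for /var/lib/dpkg/info/<package>.list contents.
SAMPLE_LISTS = {
    "coreutils": "/.\n/bin\n/bin/ls\n/bin/cat\n",
    "exampled": "/usr\n/usr/sbin\n/usr/sbin/exampled\n",  # hypothetical package
}

# Constructed filesystem: packaged binaries, one planted file, and one state
# file that the hypothetical daemon creates at runtime.
SAMPLE_FILES = [
    "bin/ls", "bin/cat", "usr/sbin/exampled",
    "usr/local/bin/ls",            # shadows /bin/ls; in no package list
    "var/lib/exampled/state.db",   # legitimate, but also in no package list
]

def load_owned(list_texts):
    """Union of all paths named in the given .list file contents."""
    owned = set()
    for text in list_texts:
        owned.update(line for line in text.splitlines() if line)
    return owned

def find_unowned(root, owned):
    """Return sorted paths (relative to '/') under root that no package lists."""
    unowned = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            logical = "/" + rel.replace(os.sep, "/")
            if logical not in owned:
                unowned.append(logical)
    return sorted(unowned)

def demo():
    """Build the sample tree in a temp dir and report its unowned files."""
    with tempfile.TemporaryDirectory() as root:
        for rel in SAMPLE_FILES:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return find_unowned(root, load_owned(SAMPLE_LISTS.values()))

if __name__ == "__main__":
    for path in demo():
        print("unowned:", path)
```

The planted /usr/local/bin/ls and the daemon's runtime state file are reported identically; the file lists alone do not say which unowned files should be there.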

