On Tue, Feb 07, 2012 at 10:49:23PM +0000, Ben Hutchings wrote:
> But it's worse than this: even if dpkg decompresses before comparing,
> debsums won't (and mustn't, for backward compatibility). So it's
> potentially necessary to fix up the md5sums file for a package
> installed for multiple architectures, if it contains a file that was
> compressed differently.

I'm uncomfortable with the idea of checking checksums only for
uncompressed data. Compressed files have headers, and at least for some
formats, it seems those headers can contain essentially arbitrary data.
This allows compressed files to be modified in rather significant ways,
without debsums noticing, if debsums uncompresses before comparing.

Further, uncompressors have the potential for security problems. See
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2624 for example.
In other words: debsums needs to decompress to verify that no files have
been tampered with, but doing so can invoke an attack. Such an attack may
be unlikely, but it would seem to be a better design to not open up the
possibility for it.

--
http://www.kickstarter.com/projects/docstory/mix-1-2-albanian
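The two points in the message above (a gzip file "compressed differently" changes its on-disk checksum without changing its content, and a gzip header can carry arbitrary bytes that a decompress-then-hash check never sees) can be demonstrated directly with the gzip container format. The following is an added example written for this thread; it is not debsums or dpkg code. It builds RFC 1952 gzip streams by hand so the header fields (MTIME, and an optional FCOMMENT field) can be varied while the payload stays identical. The file contents, the timestamp and the comment string are constructed sample values; `verify_raw` and `verify_decompressed` are hypothetical names standing in for the two verification designs discussed.

```python
import gzip
import hashlib
import struct
import zlib
from typing import Optional

# Constructed sample file contents (stands in for a compressed file shipped by a package).
PAYLOAD = b"# constructed sample file\nexport PATH=/usr/local/bin:$PATH\n"

FCOMMENT = 0x10  # RFC 1952 FLG bit: a zero-terminated comment follows the fixed header


def gzip_bytes(payload: bytes, mtime: int = 0, comment: Optional[bytes] = None) -> bytes:
    """Build a gzip member by hand so that the header can be varied.

    Layout per RFC 1952: ID1 ID2 CM FLG MTIME(4) XFL OS [comment NUL]
    followed by a raw DEFLATE body and a CRC32 / ISIZE trailer.
    """
    flags = FCOMMENT if comment is not None else 0
    header = b"\x1f\x8b\x08" + bytes([flags]) + struct.pack("<I", mtime) + b"\x00\x03"
    if comment is not None:
        header += comment + b"\x00"
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw deflate, no zlib wrapper
    body = compressor.compress(payload) + compressor.flush()
    trailer = struct.pack("<II", zlib.crc32(payload) & 0xFFFFFFFF, len(payload) & 0xFFFFFFFF)
    return header + body + trailer


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def verify_raw(expected_md5: str, stored: bytes) -> bool:
    """debsums-style check: hash the bytes exactly as stored on disk.

    Never touches a decompressor, so a header change is detected and no
    untrusted compressed input is ever parsed during verification.
    """
    return md5_hex(stored) == expected_md5


def verify_decompressed(expected_md5: str, stored: bytes) -> bool:
    """Alternative design: decompress first, then hash the content.

    Blind to anything in the container header, and it runs the decompressor
    on whatever is on disk, which is the attack surface the message warns about.
    """
    return md5_hex(gzip.decompress(stored)) == expected_md5


def demo() -> dict:
    """Compare both checks against a rebuilt file and a header-modified file."""
    baseline = gzip_bytes(PAYLOAD, mtime=0)
    # Same content, different compression metadata (e.g. another build of the package).
    rebuilt = gzip_bytes(PAYLOAD, mtime=1328654963)  # constructed timestamp
    # Same content, arbitrary bytes carried in the FCOMMENT header field.
    with_comment = gzip_bytes(PAYLOAD, mtime=0, comment=b"constructed arbitrary header bytes")

    raw_expected = md5_hex(baseline)       # what an md5sums file over on-disk bytes records
    content_expected = md5_hex(PAYLOAD)    # what a content-only md5sums file would record

    return {
        "raw_check_rebuilt": verify_raw(raw_expected, rebuilt),               # False
        "raw_check_comment": verify_raw(raw_expected, with_comment),          # False
        "content_check_rebuilt": verify_decompressed(content_expected, rebuilt),        # True
        "content_check_comment": verify_decompressed(content_expected, with_comment),   # True
        "decompressed_identical": gzip.decompress(with_comment) == gzip.decompress(baseline),  # True
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The rebuilt file shows the mismatch Ben describes: a content-identical file with different compression metadata fails a raw-bytes check, which is why an md5sums file would need fixing up for files compressed differently. The comment variant shows the cost of the decompress-first alternative: the modified header passes the content check unnoticed, and the check only works by feeding the on-disk file to the decompressor.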