[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please test gzip -9n - related to dpkg with multiarch support

* Lars Wirzenius <liw@liw.fi> [120208 08:58]:
> On Tue, Feb 07, 2012 at 10:49:23PM +0000, Ben Hutchings wrote:
> > But it's worse than this: even if dpkg decompresses before comparing,
> > debsums won't (and mustn't, for backward compatibility).  So it's
> > potentially necessary to fix up the md5sums file for a package
> > installed for multiple architectures, if it contains a file that was
> > compressed differently.
> I'm uncomfortable with the idea of checking checksums only for
> uncompressed data. Compressed files have headers, and at least for
> some formats, it seems those headers can contain essentially
> arbitrary data. This allows compressed files to be modified in
> rather significant ways, without debsums noticing, if debsums
> uncompresses before comparing.

On the other hand most uncompressors silently ignore unexpected
data after end of file markers. So the compressed file is even more
easily tempered with (especially as debsums only stores md5 without
size and md5 does not include the size in the hash like the sha* do.
So if one can append arbitrary stuff, it is easy prey).

But the point is a bit moot, as debsums is not really useful for
security (if you modify files, why not modify the md5sums files, too?).

It is useful for reliability, as it checks for files being corrupted by
bad discs[1], bad memory[1], bad DMA controlers[1], ...

        Bernhard R. Link

[1] Been there, got bitten, learned to love debsums.

Reply to: