[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: goals for hardening Debian: ideas and help wanted

On Tue, Apr 29, 2014 at 4:22 PM, Marko Randjelovic wrote:

> Cencerely, I never heard about Docker before, I didn't mean
> about VMs and I meant about chrooting. I was thinking about some kind
> of wizard:
>
> - create a chroot if doesn't already exist
> - create a launcher for your DE
> - create a shell script to run a program from terminal or a simple WM
>
> hint: chroot $CHROOT_PATH su - $USER -c "$command_with_args"

Security and chroots aren't things I would associate, you need better.

> I didn't know it, does apt-get/aptitude/synaptic do complete checks?
>
> 1. verify Release file signature
> 2. verify checksums of repo files
> 3. verify checksums of individual .deb files

I expect so.

> I remmember some time ago I edited a file with hexedit (after apt-get
> downloaded it) and tried to install it with apt-get and it didn't
> complain.

That sounds like possibly a bug but if you have an attacker able to
modify files in /var/cache/apt/archives/ you have bigger problems I
expect.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
Reply to: