Re: goals for hardening Debian: ideas and help wanted
On Tue, Apr 29, 2014 at 4:22 PM, Marko Randjelovic wrote:
> Cencerely, I never heard about Docker before, I didn't mean
> about VMs and I meant about chrooting. I was thinking about some kind
> of wizard:
>
> - create a chroot if doesn't already exist
> - create a launcher for your DE
> - create a shell script to run a program from terminal or a simple WM
>
> hint: chroot $CHROOT_PATH su - $USER -c "$command_with_args"
Security and chroots aren't things I would associate, you need better.
> I didn't know it, does apt-get/aptitude/synaptic do complete checks?
>
> 1. verify Release file signature
> 2. verify checksums of repo files
> 3. verify checksums of individual .deb files
I expect so.
> I remmember some time ago I edited a file with hexedit (after apt-get
> downloaded it) and tried to install it with apt-get and it didn't
> complain.
That sounds like possibly a bug but if you have an attacker able to
modify files in /var/cache/apt/archives/ you have bigger problems I
expect.
--
bye,
pabs
http://wiki.debian.org/PaulWise
Reply to: