On Mon, May 24, 1999 at 08:47:00AM -0700, Christoph Lameter wrote: > The md5sums of individual files are not only helpful for security but > for the verification of the integrity of installed files in general. RPM > includes perms etc in their database as well as noted by others before and > I wish we would do that as well. As has been pointed out time and time again, md5sums of individual files are NOT helpful for security in any significant sense. It is as easy to change the contents of something like a debian/md5sums file within a package (or after it has been unpacked onto the system) as it is to change the md5sum of the .deb itself. We do not have a strong way of preventing tampering with the md5sums when the .deb is constructed, and likewise anyone who has sufficient privileges to replace root-owned binary files (in privileged directories) on the system has sufficient privileges to modify md5sum checksum files that refer to the replaced files. Do you assert that an md5sums is a security bonus because an intruder with root privileges may not be aware of the file's existence, and thus fail to remove evidence of his attack? Security only against the ignorant or careless is hardly security at all. Security against intruders who know more about your system than you do is worth something; but this proposal does not provide that. The problem of package authentication has come up time and time again, and adding a debian/md5sums file to a .deb does absolutely nothing to address it. I do not think security is a sound basis for the proposal because the justification lacks merit. I will formally oppose any proposal to require md5sums files within Debian packages unless it makes absolutely clear that they are not a defense against intrusion, but only against "mindless" data corruption like a failing hard disk. -- G. Branden Robinson | Debian GNU/Linux | Music is the brandy of the damned. branden@ecn.purdue.edu | -- George Bernard Shaw cartoon.ecn.purdue.edu/~branden/ |
Attachment:
pgpr5zpgxkYHF.pgp
Description: PGP signature