Re: who owns the ports?

To: debian-security@lists.debian.org
Subject: Re: who owns the ports?
From: Wade Richards <wrichard@direct.ca>
Date: Thu, 08 Feb 2001 15:04:23 -0800
Message-id: <E14R076-0001j2-00@coffee.dyndns.org>
In-reply-to: <Pine.LNX.4.21.0102081102180.1879-100000@capitanata.ca.astro.it>

All this discussion about the possibility of "script kiddies" installing
root kits, and overwriting various important system files, makes me think
of a useful potential feature.  And since this is Debian, I figure there's
a good chance that this useful feature already exists, and I just don't
know about it.

I've got a rescue CD with most of the packages on it, and most(*) of
those packages include MD5 sums for all the files.

There should be a way to, after booting up on my rescue CD, check all
my files against the MD5 checksums on the CD (ignoring the conffiles,
of course).

Better yet, for the packages that are not on my CD, it could get the
MD5s from the FTP archive.

Does anyone know of such a feature already in the rescue disks?

Thanks,

	--- Wade

(*)On a slightly off-topic topic, why is it that only most of the packages
contain MD5 checksums?	Is the package maintainer required to do this,
or can it be done auto-magically when a package is uploaded?

Reply to:

Follow-Ups:
- Re: who owns the ports?
  - From: Rolf Kutz <kutz@gmx.de>

References:
- Re: who owns the ports?
  - From: Giacomo Mulas <gmulas@ca.astro.it>

Prev by Date: Re: Apt-get package verification
Next by Date: Re: who owns the ports?
Previous by thread: Re: who owns the ports?
Next by thread: Re: who owns the ports?
Index(es):
- Date
- Thread