On Tue, Jun 19, 2001 at 10:09:51AM +0200, Christian Jaeger wrote: > At 2:17 Uhr +0200 19.6.2001, Ethan Benson wrote: > >what if the attacker can poisen your DNS, or routing tables? then he > >can trick apt into downloading his 37337 `security update' (more like > >unsecurity update heh) > > Yes, but that's a problem anyway, isn't it? In fact it's a question I yup, im just pointing out that a hole in lids is a hole for both attackers and the admin. no way around it. generally someone with root on your box will be able to mess around with routing tables and dns poisening easier then one without. (depends though). > have about debian (I'm relative newbie to debian): is there no way to > make .deb's with signatures? Do I have to parse the security-announce there is now, but nobody signs .debs yet. the Release file is now signed (it contains md5s of all Packages files which in turn contain md5s of all .debs). > list mail to get signed md5 hashes to check the downloaded deb's? If > so, is there no script doing this already? If yes, the I just wrap > this one, so the cracker could merely prevent updates from taking > place successfully. well if .debs end up getting gpg signatures apt-get install debsig-verify or something like that in woody (don't right now since it breaks dpkg since no debs are signed). all the details on this have not yet been worked out, i would hope it will get worked and implemented by woody release. > >get root, run passwd root, ssh in. > > But if the passwd command doesn't itself have the rights to access > /etc/shadow but only the root login shell has (which only runs if > called through sshd), then the cracker would have to know your root > passwd before being able to change it. passwd not being able to update /etc/shadow would be a very bad thing since users would be unable to change thier own passwords. users need to be encouraged to change thier passwords, not discouraged. i don't think you can really modify passwd to be that granular about ssh vs other methods of access. im still not convinced you could prevent root from sshing to himself. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgprO0a1SdPJk.pgp
Description: PGP signature