Re: How reliable is "debsums"?

To: Justin Ryan <justin@gnubian.org>
Cc: debian-security@lists.debian.org, Kristian <kristian@hitech-sanita.it>
Subject: Re: How reliable is "debsums"?
From: Ralf Dreibrodt <rd@mesos.de>
Date: Wed, 25 Sep 2002 11:40:56 +0200
Message-id: <[🔎] 3D9184A8.B4860702@mesos.de>
References: <[🔎] 1032944955.647.7.camel@bobo> <[🔎] 1032946312.27849.15.camel@justin>

Hi,

Justin Ryan wrote:
> 
> Use both!  One advantage of debsums is that you can compare md5sums
> against a package, rather than just the system db.  If you fear that
> something may have been modified, you can download the .deb file and
> bypass anything that an attacker could modify.  Of course, the debsums
> binary could be modified to never report that anything has changed, but
> every little bit helps..

well, just download a modified .deb file and see if the programm says there
has changed something.
in addition i have a tripwire-db, so whenever i want to be really sure, i
can boot from cd-rom and compare the harddisk with my tripwire-db, which is
not on the harddisc.

Regards,
Ralf Dreibrodt

Reply to:

References:
- How reliable is "debsums"?
  - From: Kristian <kristian@hitech-sanita.it>
- Re: How reliable is "debsums"?
  - From: Justin Ryan <justin@gnubian.org>

Prev by Date: Re: How reliable is "debsums"?
Next by Date: zmiana adresu mail
Previous by thread: Re: How reliable is "debsums"?
Next by thread: Re: How reliable is "debsums"?
Index(es):
- Date
- Thread