[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Have I caught a firmware attack in the act? Or am I just paranoid?

I have now done the check from a boot DVD: clean, but as already noted, there are places it doesn't check.

On 16/08/2019 20:14, Elmar Stellnberger wrote:
Concerning your program I have seen that it uses /var/lib/dpkg/info/$2.md5sums. This is inherently unsafe because an attacker can simply alter this file alongside with all the other altered file.

Only as a better-than-nothing method if the .deb isn't cached - if it is (which it is on my system), it checks the whole hash tree (which uses sha256) up to the Release signature (using the debian-archive-keyring from the checker DVD if you're using one).

Manual hash lists are also supported.

Read only switches are a security feature because you can read the content without the fear that it may be altered.[...] The read-only switch makes it as safe as a read only burnt dvd.

The physical read-only switch on SD cards isn't: it's enforced at software level, not hardware level.


Downloads can and often are impersonated if you do not use tor so that you will be shipped the malwared-packages for comparence instead of the original ones.

apt (by default) won't install packages with a bad signature: are you claiming to have seen fake packages _with a valid signature_, or are you referring to downloads of something other than Debian packages?

(I haven't read your links: as I don't have proof of who you are, doing so would itself be a security risk.)

Reply to: