
Security - trust etc.. (Was: Reading e-mails on text mode)



Ok.. so call me cynical etc.

I go to this site, download the .deb's .. How can I be sure they're not
malicious?

I have nothing against the mirror host in this circumstance, indeed I'm happy
there's a deb to download for PINE (even though I should really learn how to
make a package from a load of source) - however, a question, what is there to
stop someone posting a malicious deb? How can one tell the good from the bad?

I mean, I'm downloading a collection of binaries from a remote site, these
binaries come complete with configs etc. .. One is most often root to install
them .... Is there an equivalent to the multitude of virus scanners etc.
available for the evil Wintel (as opposed to mentel) platform (as opposed to
fortress - bad movie joke :), that will monitor running programs for
suspicious behaviour?

"This program is poking around your login daemon.. shall I let it?"
"This program is modifying inetd.conf - are you absolutely sure?"

Or maybe for those who develop homicidal tendencies when asked, "Are you
sure?" :) :) a log of what the program did? (Now I know very little 'bout
Linux - I'm still learning.. Would a journalling FS such as ReiserFS help in
this regard?) Is something like tripwire (that I've read a few little
bits'n'pieces about) what I need to give me a little reassurance that I'm not
completely placing my machine into the hands of a stranger?

There may, indeed, already be a solution to this - in which case I ask "Where
should I RTFM today?" ;-)

Otherwise it's maybe something people should think about?

I mean I generally get the feeling from people around this and other Linux-related
mailing lists that people really want to help, but I can't help but think that
all of this is placing a lot of trust in people one will never meet and may
indeed never communicate with.

Anyway - I have to finish wallpapering my unit with aluminium foil to stop
signals escaping (*just kidding :) *)

ADF Hogan

----- Original Message -----
From: "John Anderson" <jkanders@alpha.delta.edu>
To: "Ricardo Gabriel Herdt" <ricgh@matrix.com.br>
Cc: <debian-user@lists.debian.org>
Sent: Tuesday, August 22, 2000 3:10 AM
Subject: Re: Reading e-mails on text mode


> You can go to the web site <http://members.mint.net/frodo/pine> and
> download Pine as a .deb file.  Pine is very self-explanatory. In the setup
> menu select config then if you have a dialup connection put your ISP name
> in the <user domain> option.  If your ISP uses pop3 put {isp
> name/pop3}inbox under <inbox path>.  <http://www.washington.edu/pine> also
> has extensive information on how to set Pine up.



