nate wrote:
Bob Paige said:
I am curious about how secure the apt-get system is; is it possible to spoof a Debian server and thus send compromised updates to a given machine?

If you have 3rd party apt sources in your sources.list it is very easy to spoof an update. Which is one reason I don't have 3rd party sources. A couple years back I had, I think, kde.tdyc.com for KDE updates on potato, and for some 4#!# reason whoever runs the mirror put a new version of SSH on there. I managed to catch it quickly when my SSH settings broke a few minutes later.

But in your case, the maintainer put up some bogus packages.

What I'm really thinking about is the appropriateness of using Debian for a Linux-based appliance. At my work they have Linux appliances, but they are always based on RedHat. I would think the apt-get functionality would be much more reliable than RPM-hell.
In the Debian-appliance scenario I don't think you'd want to use the standard Debian sources. Rather, you'd want to control them; for example, the manufacturer of the appliance could run a server of approved/tested updates. That way we could provide application updates in addition to security updates to a customer box.
So, what is the chance that someone could spoof access to an update server? Does apt-get provide some sort of security (i.e. ssh connection to the server, or digital signatures on the packages)?

It would be nice if there was a setting to set priority to certain sites, e.g. do not update ANY packages that are installed unless they come from X site. Or maybe better, ONLY allow X packages to be installed from this mirror.

Doesn't apt_preferences do this? I've only used it a little bit.
Or if the number of packages to install is small enough, just download them and install them.

When I do need 3rd party sources, I add them, do the update/install carefully, then remove them and run update again so the cache is flushed.

-- Bobman
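
The thread's concern about third-party entries in sources.list can be checked mechanically on an appliance. The following is an added example, not part of the original messages: it audits a sources.list in the classic one-line format against an allowlist of approved update hosts. The host names and the sample file contents are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: the appliance vendor's own update host (hypothetical name).
APPROVED_HOSTS = {"updates.appliance.example"}

# Constructed sample in the classic one-line sources.list format.
SAMPLE_SOURCES = """\
# vendor-controlled repository of approved/tested updates
deb http://updates.appliance.example/debian stable main
deb-src http://updates.appliance.example/debian stable main
deb [arch=amd64] http://thirdparty.example.net/kde stable main  # added by hand
#deb http://disabled.example.org/debian stable main
"""

# type, optional [options] block, URI, suite
ENTRY = re.compile(r"^(deb|deb-src)\s+(?:\[[^\]]*\]\s+)?(\S+)\s+(\S+)")


def parse_entries(text):
    """Yield (line_no, type, uri, suite) for every active (uncommented) entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = ENTRY.match(line)
        if match:
            yield line_no, match.group(1), match.group(2), match.group(3)


def unapproved_sources(text, approved=APPROVED_HOSTS):
    """Return (line_no, type, uri) for entries whose host is not approved."""
    findings = []
    for line_no, kind, uri, _suite in parse_entries(text):
        host = (urlparse(uri).hostname or "").lower()
        if host not in approved:
            findings.append((line_no, kind, uri))
    return findings


if __name__ == "__main__":
    for line_no, kind, uri in unapproved_sources(SAMPLE_SOURCES):
        print(f"line {line_no}: unapproved {kind} source {uri}")
```

This only reports which hosts are configured; it does not verify what those hosts serve.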