[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debsums fun

On 2008-10-27 08:24 +0100, David Baron wrote:

> The newest debsums from Sid can do a daily check for md5 disagreement. Useful 
> for security?

Not really.  An attacker that can modify system files can and will also
update the md5sums under /var/lib/dpkg/info.  Besides, scanning each and
every installed file takes _really_ long, so it is not recommended to
run this daily.

> This check flags a load of missing files which are either obsolete -- maybe I 
> once had 'em but they are long gone -- or ... I never had 'em.
>
> Two prime examples: 
>
> The former, Sun Java 1.5 stuff. Has been superseded by 1.6 and this was always 
> be Sun's installation rather than anything from Debian. The latter 
> /usr/loca/Adobe . . . acrobat stuff. I never had a local version. Most entries 
> seem to be  internationalization stuff.

Do you have localepurge installed?  It will delete many l10n files that
debsums will report then.

> There is a (now empty) /etc/debsums-ignore. If this can be set to exclude 
> directories, I can easily suppress the check on these files.

That's not how it works, unfortunately.  These files will still be
checked, only the final output is filtered.  Have a look at debsums'
cron script to convince yourself if you don't trust me.

> Question is where 
> the program gets the info to look for them in the first place?

>From the *.md5sums files under /var/lib/dpkg/info.

Sven
Reply to: