On Wed, Mar 03, 2010 at 03:16:08PM +0100, Bernhard R. Link wrote:
> * Harald Braumann <ha...@unheit.net> [100303 14:49]:
> > But it would be great if the whole chain, from beginning to end, was
> > secured, even against malicious and presumably very powerful attackers.
>
> Checksums for files coming from packages are not really useful to defend
> against attackers (it's really only reliability and not security):
>
> - an attacker can just divert any binary away and put its own there.

It's not about preventing an attack, but detecting it. With
cryptographically strong hashes/signatures in place, you can audit the
system. Of course you'd have to boot from a trusted medium. How would you
do that without signatures?

> - an attacker can just add some additional binary where it will override
>   another one (/sbin overriding /usr/sbin and so on).
> - an attacker can add things to configuration and startup files
>   (thanks to .d directories you often do not even need to change files,
>   only add them), including binary or library search paths, so one could
>   add binaries or behaviour-changing libraries in directories not
>   looking that suspicious.

Yes, a full IDS needs additional work. It would have to check for files
without hashes/signatures and would have to allow you to hash and sign
files in /etc, /usr/local, /opt, whatever.

> Most of those things can perhaps be fixed, but it needs much more work
> than just replacing some hash. (And many of those tasks might also
> improve other areas (like http://packages.debian.org/cruft also having
> the problem that packages create so many files and there is no way a
> package can tell such programs where they are).

Archive: http://lists.debian.org/20100303150337.gc11...@nn.nn
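The audit step the thread describes (strong hashes for shipped files, plus a check for files that no manifest vouches for), as an added example that is not part of the original mail or of any Debian tool. It assumes the manifest has already been read from a trusted, signature-verified source, and constructs a small sample tree to audit.

```python
"""Audit a file tree against a SHA-256 manifest (dpkg md5sums style, but with a
strong hash). The manifest is assumed to come from a trusted, signature-verified
source; this example shows only the audit step, finding modified files, missing
files, and files on disk that no package manifest covers (the added /sbin
binary or extra .d snippet case)."""
import hashlib
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit(root, manifest):
    """manifest maps path relative to root -> sha256 hex digest.
    Returns sorted lists under 'modified', 'missing' and 'unmanaged'."""
    findings = {"modified": [], "missing": [], "unmanaged": []}
    seen = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            seen.add(rel)
            if rel not in manifest:
                findings["unmanaged"].append(rel)   # nobody vouches for it
            elif sha256_file(full) != manifest[rel]:
                findings["modified"].append(rel)    # content changed
    findings["missing"] = list(set(manifest) - seen)
    return {k: sorted(v) for k, v in findings.items()}


def demo():
    """Constructed sample tree: one intact file, one tampered file, one file
    listed but absent, and one binary nobody shipped."""
    root = tempfile.mkdtemp()
    shipped = {"bin/ls": b"real ls", "etc/foo.conf": b"x=1"}
    manifest = {p: hashlib.sha256(c).hexdigest() for p, c in shipped.items()}
    manifest["bin/missing"] = hashlib.sha256(b"never written").hexdigest()
    shipped["etc/foo.conf"] = b"x=2"    # edited after the manifest was made
    shipped["sbin/ls"] = b"rogue ls"    # unmanaged file shadowing a path
    for rel, data in shipped.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return audit(root, manifest)
```

Run `demo()` to see the three finding classes on the constructed tree; on a real system the manifest would cover every package's files and the tree would be the mounted root, inspected from the trusted boot medium.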