On Tue, 9 Mar 2010, Joey Hess <jo...@debian.org> wrote:
> Russ Allbery wrote:
> > The missing link, in this validation scenario, is how to get a signed
> > copy of the MD5 checksums of the files in the package.
>
> That's one missing link. The other one is that there are innumerable
> ways for an attacker to inject bad behavior/backdoors onto a system
> without touching binaries originating from dpkg. Expecting debsums to
> protect against any form of attack is bound to result in a false sense
> of security; and AFAIK aide makes a credible[1] attempt at solving the
> same problem.
>
> [1] Though my SWAG is that it's still not complete when you consider
> the bootloader, permissions of files in /dev, or subtly corrupted
> partitions.

http://etbe.coker.com.au/2010/03/08/designing-secure-linux/

I blogged about some of these things yesterday.

-- 
russ...@coker.com.au
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog