I have now done the check from a boot DVD: clean, but as already noted,
there are places it doesn't check.
On 16/08/2019 20:14, Elmar Stellnberger wrote:
> Concerning your program I
> have seen that it uses /var/lib/dpkg/info/$2.md5sums. This is inherently
> unsafe because an attacker can simply alter this file along with all
> the other altered files.
Only as a better-than-nothing method if the .deb isn't cached - if it is
(which it is on my system), it checks the whole hash tree (which uses
sha256) up to the Release signature (using the debian-archive-keyring
from the checker DVD if you're using one).
Manual hash lists are also supported.
> Read only switches are a security feature
> because you can read the content without the fear that it may be
> altered. [...] The read-only switch makes
> it as safe as a read only burnt dvd.
The physical read-only switch on SD cards isn't: it's enforced at
software level, not hardware level.
https://en.wikipedia.org/wiki/SD_card#Card_security
> Downloads can be and often are impersonated if you do not use Tor, so that
> you will be shipped the malwared packages for comparison instead of the
> original ones.
apt (by default) won't install packages with a bad signature: are you
claiming to have seen fake packages _with a valid signature_, or are you
referring to downloads of something other than Debian packages?
(I haven't read your links: as I don't have proof of who you are, doing
so would itself be a security risk.)