On Mon, 11 Feb 2002, Manoj Srivastava wrote:
> Only if the machine _has_ remained true to a known
> release. Unfortunately, a large class of machines are selectively
> upgraded. My contention is that the granularity of a Package is a
There are a significant number of security wary people
>>"Jason" == Jason Gunthorpe <[EMAIL PROTECTED]> writes:
Jason> On Sat, 9 Feb 2002, Manoj Srivastava wrote:
Jason> With my scheme you check the Package/Release files that you
Jason> kept (optional, of course) and you will detect this right
Jason> away.
>>
>> How shall you detect the ssh is b
On Sat, 9 Feb 2002, Manoj Srivastava wrote:
> Jason> With my scheme you check the Package/Release files that you
> Jason> kept (optional, of course) and you will detect this right
> Jason> away.
>
> How shall you detect the ssh is buggy? (We both can identify
> ssh being replaced, neith
>>"Jason" == Jason Gunthorpe <[EMAIL PROTECTED]> writes:
>> nowhere. The state of the machine is still unknown. As a cracker, the
>> minute I replace ssh, I'll go and change the file list (as you said,
>> maybe easy to compute). No signature, heh heh. No packages file
>> anymore. heh heh.
J
On Fri, 8 Feb 2002, Manoj Srivastava wrote:
> >>"Jason" == Jason Gunthorpe <[EMAIL PROTECTED]> writes:
> Jason> If you keep the package files as you said then it all works
> Jason> exactly the same way as signing the individual filelists.
>
> Not quite the same. It adds complexity, i
>>"Jason" == Jason Gunthorpe <[EMAIL PROTECTED]> writes:
Jason> On Fri, 8 Feb 2002, Manoj Srivastava wrote:
>> Could I keep Packages file and the Release files? Sure. Way
>> more bloat. A simple signed file list is smaller, and less prone to
>> error. And unless you mean to keep track of which
On Fri, 8 Feb 2002, Jason Gunthorpe wrote:
> Dpkg has an internal tar for extraction, and it now has a configuration
> file, it should be trivial to have it optionally write out the file list
> data - someone make a patch already :P Heck, I'll even make a reference
> deb->file list converter if it
On Fri, 8 Feb 2002, Manoj Srivastava wrote:
> Could I keep Packages file and the Release files? Sure. Way
> more bloat. A simple signed file list is smaller, and less prone to
> error. And unless you mean to keep track of which Packages files to
> remove, man, it would get insane.
It wo
>>"Joey" == Joey Hess <[EMAIL PROTECTED]> writes:
Joey> Manoj Srivastava wrote:
>> In order to verify that the system is not compromised, at the
>> very least you need to have the hash file cryptographically
>> signed.
Joey> Sigh. Every time this issue comes off people wander off onto
Joey
> debian-binary
> control.tar.gz
> data.tar.gz
> filelist.gz
> detatched-sig-of-filelist.gz
> detatched-sig-of-the-whole-deb
This is what I was thinking as well.
The current dpkg-deb is sub-optimal, however, for making this md5sum list. It
uses external tar to make data.tar.gz, which means each
Manoj Srivastava wrote:
> In order to verify that the system is not compromised, at the
> very least you need to have the hash file cryptographically
> signed.
Sigh. Every time this issue comes off people wander off onto areas of
security. People *don't* use this for security, unless they
>>"Jason" == Jason Gunthorpe <[EMAIL PROTECTED]> writes:
Jason> On Thu, 7 Feb 2002, Manoj Srivastava wrote:
>> If you have a broken dpkg/md5sum on the machine, the only way
>> to detect that after booting from known secure media (like a cdrom
>> you have audited) is if the hash file were gener
On Thu, 7 Feb 2002, Manoj Srivastava wrote:
> If you have a broken dpkg/md5sum on the machine, the only way
> to detect that after booting from known secure media (like a cdrom
> you have audited) is if the hash file were generated (and known not
> to be tampered because if a cryptograph
>>"Jason" == Jason Gunthorpe <[EMAIL PROTECTED]> writes:
Jason> debsums is a poor and incomplete solution. The best thing is
Jason> to have dpkg compute+store the same data when the package is
Jason> unpacked on the fly. Then we don't bloat the archive, the
Jason> feature can be turned on/off,
>>"Matthew" == Matthew Wilcox <[EMAIL PROTECTED]> writes:
Matthew> All rpm-based systems support rpm --verify. Having debsums
Matthew> support optional makes debian an inferior distribution in
Matthew> this aspect. Making DEBIAN/md5sums required rather than
Matthew> optional would rectify th
On Thu, 7 Feb 2002, Matthew Wilcox wrote:
> All rpm-based systems support rpm --verify. Having debsums support
> optional makes debian an inferior distribution in this aspect. Making
> DEBIAN/md5sums required rather than optional would rectify this situation.
debsums is a poor and incomplete s
Package: debian-policy
Version: 3.5.6.0
Severity: normal
All rpm-based systems support rpm --verify. Having debsums support
optional makes debian an inferior distribution in this aspect. Making
DEBIAN/md5sums required rather than optional would rectify this situation.
--
Revolutions do not re
17 matches