On Mon, Mar 08, 2010 at 10:49:54PM -0500, Joey Hess wrote: > Russ Allbery wrote: > > It's also always worth bearing in mind that while a really good attacker > > can do all sorts of complex things that make them very hard to find, most > > attackers are stupid and straightforward. > > It's stupid and straightforward to install /usr/local/bin/ls. debsums > will not detect it.
And it's as straightforward to find files which don't belong to any package and have some other means in place to check locally generated files. If I understand you correctly, you argue that one would need some IDS anyway to cover all files, and that could then be used also to verify package files. Therefore making file signatures in packages superfluous. I think I could agree with that. On the other hand, I tend to keep /usr/local clean and create packages for for home-grown software. If you do this consistently, you'd get a system where you could verify all files without additional software (modulo the script that checks for surplus files). More important would be package signatures, anyway, because currently there is no way to verify a package. I work with testing/unstable a lot and often I have deb files lying around are not in any Release, so there is no way of verifying them. harry -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100309125920.gc15...@nn.nn
