On 22.01.2017 12:34, Bernd Zeimetz wrote:
> afaik people are criticizing that there are still (only) md5sum files in
> /var/lib/dpkg/info. As dpkg --verify uses them, it might indeed make
> sense to replace them.
> (yes, dpkg is not an IDS, but better than nothing...).
Originally the thread was about hashes in .dscs, but okay. What exactly does that help given that the md5sums can just be modified locally? Right now we don't keep the file size in dpkg's database. We keep md5sums in an easily modifiable place. We don't easily allow people to download just the md5sums information that you'd need to independently verify the files on the system.

We could of course start by providing another hash type, but given the purpose for why we have md5sums for installed files in the first place (detecting file corruption and modification of files vs. what has been installed by the package manager) a different hash type is not going to matter.

Sure, we could assume for a moment that the attacker could not tamper with the md5sums because the admin implemented an elaborate SELinux-based scheme that denies modification of the md5sum files on disk except when dpkg is invoked. In this case having also the size or a combination of hashes would make me more comfortable.

Anyway, that said, is there a bug on this on the dpkg side already?

Kind regards
Philipp Kern
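As an added illustration of the point made above (this is not code from the thread, from dpkg, or from anyone in it), the POSIX shell script below builds a constructed dpkg-style layout (var/lib/dpkg/info/<pkg>.md5sums with "<md5>  <relative path>" lines) in a temporary directory and contrasts a check against only the on-disk md5sums with a check against a copy kept elsewhere. The `trusted` directory, standing in for a read-only medium or an independently fetched copy, and the `hello` package are assumptions for the example.

```shell
# build_fixture -> prints ROOT; installs one file, its local md5sums entry, and a
# copy of that md5sums file in ROOT/trusted standing in for a copy kept off-host
build_fixture() {
  root=$(mktemp -d)
  mkdir -p "$root/usr/bin" "$root/var/lib/dpkg/info" "$root/trusted"
  printf '#!/bin/sh\necho hello\n' > "$root/usr/bin/hello"
  (cd "$root" && md5sum usr/bin/hello) > "$root/var/lib/dpkg/info/hello.md5sums"
  cp "$root/var/lib/dpkg/info/hello.md5sums" "$root/trusted/hello.md5sums"
  echo "$root"
}

# check_files ROOT SUMS_FILE -> 0 if every listed file hashes as recorded
check_files() {
  root=$1; status=0
  while read -r sum path; do
    actual=$(md5sum < "$root/$path" | cut -d' ' -f1)
    [ "$actual" = "$sum" ] || { echo "MODIFIED /$path"; status=1; }
  done < "$2"
  return $status
}

# verify_local ROOT PKG -> what a check against only the on-disk database sees
verify_local() {
  check_files "$1" "$1/var/lib/dpkg/info/$2.md5sums"
}

# verify_trusted ROOT PKG -> first confirm the local database matches the
# off-host copy, then check the installed files against that trusted copy
verify_trusted() {
  local_sums="$1/var/lib/dpkg/info/$2.md5sums"; trusted_sums="$1/trusted/$2.md5sums"
  rc=0
  if [ "$(md5sum < "$local_sums")" != "$(md5sum < "$trusted_sums")" ]; then
    echo "DATABASE-MODIFIED $local_sums"; rc=1
  fi
  check_files "$1" "$trusted_sums" || rc=1
  return $rc
}

# tamper ROOT -> change the file and rewrite the local md5sums to match it,
# which is exactly the case a local-only check cannot detect
tamper() {
  printf '#!/bin/sh\necho changed\n' > "$1/usr/bin/hello"
  (cd "$1" && md5sum usr/bin/hello) > "$1/var/lib/dpkg/info/hello.md5sums"
}

root=$(build_fixture)
tamper "$root"
echo "after tampering, local-only check: $(verify_local "$root" hello && echo OK)"
echo "after tampering, check against trusted copy:"; verify_trusted "$root" hello
rm -rf "$root"
```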