On 11/05/2015 9:35 AM, Tal Galili wrote:
Hi Duncan,
Thank you for the clarification. :)

I ended up removing these files from being scanned in the updated version of installr. I would rather focus on supporting an MD5 scan that is based on what is listed in the MD5 file itself (ignoring exceptions that are not clearly stated in the file).


I'm not sure what the purpose is of your test, but if it is to detect modified files, that might not be a good strategy. A malicious agent could install fake bin/R.exe or bin/Rscript.exe and not be caught.

Of course, if they knew to modify those two files but not any others, they would know enough to also install a fake MD5 file, and then there's basically nothing you could do.

Duncan

______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
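
An added example, not part of the thread and not installr's code: a manifest-driven audit that reports files present on disk but absent from the MD5 file separately from files whose hash fails, so the gap discussed above is visible in the result instead of silent. The manifest line format (`<md5hex> *<relative/path>`), the function names and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def md5_of(path):
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest()

def parse_manifest(path):
    # Assumed line format: "<md5hex> *<relative/path>"
    listed = {}
    with open(path, encoding="utf-8") as f:
        for line in f:
            if line.strip():
                digest, name = line.strip().split(None, 1)
                listed[name.lstrip("*").replace("\\", "/")] = digest.lower()
    return listed

def audit(root, manifest="MD5"):
    listed = parse_manifest(os.path.join(root, manifest))
    report = {"modified": [], "missing": [], "unlisted": []}
    for rel, digest in sorted(listed.items()):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report["missing"].append(rel)
        elif md5_of(full) != digest:
            report["modified"].append(rel)
    # Files the manifest never mentions: a manifest-driven scan cannot vouch for these.
    for dirpath, _, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            if rel != manifest and rel not in listed:
                report["unlisted"].append(rel)
    report["unlisted"].sort()
    return report

def build_sample_tree():
    # Constructed sample tree, not a real R installation.
    root = tempfile.mkdtemp()
    files = {"bin/R.exe": b"launcher", "etc/Rprofile.site": b"# site\n",
             "library/base/DESCRIPTION": b"Package: base\n"}
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    with open(os.path.join(root, "MD5"), "w", encoding="utf-8") as f:
        for rel, data in files.items():
            if rel != "bin/R.exe":  # left out of the manifest on purpose
                f.write(hashlib.md5(data).hexdigest() + " *" + rel + "\n")
    return root
```

Because the manifest is read from the same tree it describes, an empty report is only as trustworthy as that file; comparing against a copy of the manifest obtained separately from the installation is what closes that gap.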
