| 1 |
On Tue, 10 Feb 2004 04:30:40 -0500 (EST) |
| 2 |
Ed Grimm <paranoid@××××××××××××××××××××××.org> wrote: |
| 3 |
[...] |
| 4 |
> A simple solution to this component would be to use PGP, GPG, or X.509 |
| 5 |
> crypto signatures instead of MD5 checksums. Admittedly, you still need |
| 6 |
> to worry about how to get a valid copy of the public key to be able to |
| 7 |
> do your verifications. But this reduces it from many acts of blind |
| 8 |
> faith to two - the first in the Gentoo team as a whole, the second on |
| 9 |
> the sig. I'm not sure how to reduce it down to zero. |
| 10 |
|
| 11 |
That's better than simple MD5, but not really a solution, if the modified portage binary pretends to check |
| 12 |
the signature, but does not do that? You are in trouble then! |
| 13 |
|
| 14 |
You would have to check the packages manually with an gpg version on an write-protected medium like a |
| 15 |
cd-rom. |
| 16 |
|
| 17 |
I consider the portage system as it is quite secure now. MD5 is alright, as long as the system has an |
| 18 |
untampered portage binary. |
| 19 |
|
| 20 |
Integrity problems are among the most difficult ones to solve as long as you consider a possible attacker to |
| 21 |
have gained root access to your machine (I did some research in this area at university and a speaker at the |
| 22 |
"Integrity and Internal Control in Information Systems, so I know these problems rather well). |
| 23 |
|
| 24 |
I guess the portage system itself is rather good, you should not concentrate on the portage's integrity but |
| 25 |
on the integrity of the system as a whole. |
| 26 |
|
| 27 |
- |
| 28 |
Sebastian |
| 29 |
|
| 30 |
-- |
| 31 |
gentoo-security@g.o mailing list |
Archives