| 1 |
Mark Guertin wrote: |
| 2 |
|
| 3 |
> On 9-Feb-04, at 6:12 PM, J Holder wrote: |
| 4 |
> |
| 5 |
>>> could these md5's be used? maybe have portage make the files immutable, |
| 6 |
>> |
| 7 |
>> and find some way to protect them from anyone but root, since if they've |
| 8 |
>> got root i doubt they would be going to all the trouble of doing that, |
| 9 |
>> unless they want to use your box as a hole for something else, maybe a |
| 10 |
>> way to keep those hashes on some type of removable media? usb flash |
| 11 |
>> devices and such anyone? maybe a floppy for just the binutils and such? |
| 12 |
> |
| 13 |
> |
| 14 |
> Tracking the MD5 sums that are stored wouldn't be very useful here. |
| 15 |
> They are for the source files only (and not the actual binaries that |
| 16 |
> would be replaced in the event of rooting). |
| 17 |
> |
| 18 |
|
| 19 |
Mark, |
| 20 |
|
| 21 |
They are not discussing the MD5s stored in the portage tree but the MD5s |
| 22 |
that are generated and stored in the CONTENTS files |
| 23 |
(/var/db/pkg/*/*/CONTENTS), which are the compiled binaries. |
| 24 |
|
| 25 |
jbw |
| 26 |
|
| 27 |
|
| 28 |
-- |
| 29 |
gentoo-security@g.o mailing list |
Archives