Gentoo Archives: gentoo-security

From: shoehn@××××××××××××××××××××.info
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Built in integrity?
Date: Tue, 10 Feb 2004 09:55:38
1 On Tue, 10 Feb 2004 04:30:40 -0500 (EST)
2 Ed Grimm <paranoid@××××××××××××××××××××××.org> wrote:
3 [...]
4 > A simple solution to this component would be to use PGP, GPG, or X.509
5 > crypto signatures instead of MD5 checksums. Admittedly, you still need
6 > to worry about how to get a valid copy of the public key to be able to
7 > do your verifications. But this reduces it from many acts of blind
8 > faith to two - the first in the Gentoo team as a whole, the second on
9 > the sig. I'm not sure how to reduce it down to zero.
11 That's better than simple MD5, but not really a solution, if the modified portage binary pretends to check
12 the signature, but does not do that? You are in trouble then!
14 You would have to check the packages manually with an gpg version on an write-protected medium like a
15 cd-rom.
17 I consider the portage system as it is quite secure now. MD5 is alright, as long as the system has an
18 untampered portage binary.
20 Integrity problems are among the most difficult ones to solve as long as you consider a possible attacker to
21 have gained root access to your machine (I did some research in this area at university and a speaker at the
22 "Integrity and Internal Control in Information Systems, so I know these problems rather well).
24 I guess the portage system itself is rather good, you should not concentrate on the portage's integrity but
25 on the integrity of the system as a whole.
27 -
28 Sebastian
30 --
31 gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] Built in integrity? "Matthias F. Brandstetter" <haimat@××××.at>