Archives
Archives
| From: | Tom Hosiawa <tomek32@××××××.com> | ||
|---|---|---|---|
| To: | gentoo-security@l.g.o | ||
| Subject: | Re: [gentoo-security] tripwire policy generator | ||
| Date: | Thu, 25 Mar 2004 22:50:11 | ||
| Message-Id: | 1080236970.10506.11.camel@newton.tomek.ca | ||
| In Reply to: | Re: [gentoo-security] tripwire policy generator by Michel Wilson |
||
| 1 | > md5sums and mtimes in the portage database can be changed by an |
| 2 | > attacker. Tripwire's signature is encrypted with a password (actually |
| 3 | > with a public/private key encryption method, afaik), so the attacker can |
| 4 | > not change it. |
| 5 | |
| 6 | Yes, but does it also create it own md5sum or does it use something else |
| 7 | for the file signature? |
| 8 | |
| 9 | Tom |
| 10 | |
| 11 | |
| 12 | -- |
| 13 | gentoo-security@g.o mailing list |
| Subject | Author |
|---|---|
| Re: [gentoo-security] tripwire policy generator | Michel Wilson <michel@×××××××.net> |