On Tue, 10 Feb 2004 shoehn@××××××××××××××××××××.info wrote:
> On Mon, 09 Feb 2004 16:14:21 -0800
> Joby Walker <zorloc@××××××××.org> wrote:
>
> [..]
>
>> They are not discussing the MD5s stored in the portage tree but the MD5s
>> that are generated and stored in the CONTENTS files
>> (/var/db/pkg/*/*/CONTENTS), which are the compiled binaries.
>
> I don't consider all these checks very useful. How can I be sure the
> files emerge downloaded are really the correct ones? I guess if
> someone would try to fool me with the help of the portage system he would
> change the version of portage with a "bad" one, that would obtain the
> "bad" files from an evil server, but with correct MD5 sums. So no one
> would realize that unless the tampered copy of portage is detected.
>
> I would suggest a normal IDS and try to keep the installed program's
> integrity in place. The portage's integrity is a really hard to solve
> problem, as long as I cannot be sure that the portage binary does what
> it is supposed to do.

A simple solution to this component would be to use PGP, GPG, or X.509
crypto signatures instead of MD5 checksums. Admittedly, you still need
to worry about how to get a valid copy of the public key to be able to
do your verifications. But this reduces it from many acts of blind
faith to two - the first in the Gentoo team as a whole, the second on
the sig. I'm not sure how to reduce it down to zero.

Ed

--
gentoo-security@g.o mailing list
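
The difference between a checksum and a signature discussed in this thread, as an added example that is not part of the original messages or of Portage: a mirror that swaps a file can also regenerate its MD5 line, but it cannot re-sign the manifest. The manifest format, file names and the toy textbook-RSA key (a stand-in for GPG, built from two Mersenne primes) are assumptions made for illustration.

```python
import hashlib

# Toy textbook-RSA key standing in for a GPG key (no padding; never use for
# real signing). P and Q are the Mersenne primes 2**521-1 and 2**607-1.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                            # public modulus, obtained out of band
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held only by the signer

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_manifest(files: dict) -> bytes:
    """One 'MD5 <hex> <name>' line per file (constructed format, not Portage's)."""
    return "".join(f"MD5 {md5_hex(d)} {n}\n" for n, d in sorted(files.items())).encode()

def _digest_int(manifest: bytes) -> int:
    return int.from_bytes(hashlib.sha256(manifest).digest(), "big")

def sign(manifest: bytes) -> int:
    return pow(_digest_int(manifest), D, N)

def verify_signature(manifest: bytes, signature: int) -> bool:
    """Check the manifest against the public key the client already trusts."""
    return pow(signature, E, N) == _digest_int(manifest)

def checksums_match(files: dict, manifest: bytes) -> bool:
    """What an MD5-only client checks: the files agree with the manifest."""
    return manifest == build_manifest(files)

def accept(files: dict, manifest: bytes, signature: int) -> bool:
    """Signature first (who wrote the manifest), then checksums (file integrity)."""
    return verify_signature(manifest, signature) and checksums_match(files, manifest)

# Constructed sample data.
GOOD_FILES = {"foo-1.0.tar.gz": b"original source"}
GOOD_MANIFEST = build_manifest(GOOD_FILES)
GOOD_SIG = sign(GOOD_MANIFEST)

# A tampered mirror replaces the file and regenerates the MD5 line. Without D
# it cannot produce a new signature, so the best it can do is replay the old one.
BAD_FILES = {"foo-1.0.tar.gz": b"trojaned source"}
BAD_MANIFEST = build_manifest(BAD_FILES)

if __name__ == "__main__":
    print("MD5-only check, tampered set:", checksums_match(BAD_FILES, BAD_MANIFEST))
    print("Signed check, tampered set:  ", accept(BAD_FILES, BAD_MANIFEST, GOOD_SIG))
    print("Signed check, genuine set:   ", accept(GOOD_FILES, GOOD_MANIFEST, GOOD_SIG))
```

The signed check still depends on `N` and on the verifying code itself being genuine, which are the remaining acts of faith the reply describes.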