Gentoo Archives: gentoo-security

From: Ed Grimm <paranoid@××××××××××××××××××××××.org>
To: shoehn@××××××××××××××××××××.info
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Built in integrity?
Date: Tue, 10 Feb 2004 09:36:46
Message-Id: Pine.LNX.4.58.0402100355200.27144@ybec.rq.iarg
In Reply to: Re: [gentoo-security] Built in integrity? by shoehn@p15138739.pureserver.info
On Tue, 10 Feb 2004 shoehn@××××××××××××××××××××.info wrote:
> On Mon, 09 Feb 2004 16:14:21 -0800
> Joby Walker <zorloc@××××××××.org> wrote:
>
> [..]
>
>> They are not discussing the MD5s stored in the portage tree but the MD5s
>> that are generated and stored in the CONTENTS files
>> (/var/db/pkg/*/*/CONTENTS), which are the compiled binaries.
>
> I don't consider all these checks very useful. How can I be sure the
> files emerge downloaded are really the correct ones? I guess if
> someone would try to fool me with the help of the portage system he would
> change the version of portage with a "bad" one, that would obtain the
> "bad" files from an evil server, but with correct MD5 sums. So no one
> would realize that unless the tampered copy of portage is detected.
>
> I would suggest a normal IDS and try to keep the installed program's
> integrity in place. Portage's integrity is a really hard-to-solve
> problem, as long as I cannot be sure that the portage binary does what
> it is supposed to do.

A simple solution to this component would be to use PGP, GPG, or X.509
crypto signatures instead of MD5 checksums. Admittedly, you still need
to worry about how to get a valid copy of the public key to be able to
do your verifications. But this reduces it from many acts of blind
faith to two - the first in the Gentoo team as a whole, the second on
the sig. I'm not sure how to reduce it down to zero.

Ed

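For readers who want to see what the CONTENTS-based check being debated above actually does, here is an added example (written for this archive page, not code from Portage or from anyone in the thread). It writes a few constructed files under a temporary root, records them in the same line format Portage uses in /var/db/pkg/*/*/CONTENTS ("obj <path> <md5> <mtime>", "dir <path>", "sym <path> -> <target> <mtime>"), then tampers with the files and re-verifies. The function names, the sample file names and their contents are all made up for the example. Note that the check only detects drift between the installed files and the record; as shoehn points out, if the record or the tool doing the checking is itself replaced, the check says nothing, which is why the record would need a signature or an offline copy to be worth trusting.

```python
import hashlib
import os
import tempfile


def md5_file(path):
    """Hex MD5 of a file, read in chunks (MD5 is what CONTENTS stores)."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def record_contents(root, abs_paths):
    """Build CONTENTS-style 'obj' lines for regular files that live under root.

    Helper constructed for this example: Portage writes these lines at
    merge time; here we produce them ourselves so the example is self-contained.
    """
    lines = []
    for path in abs_paths:
        full = os.path.join(root, path.lstrip("/"))
        lines.append(f"obj {path} {md5_file(full)} {int(os.stat(full).st_mtime)}")
    return "\n".join(lines) + "\n"


def parse_contents(text):
    """Parse CONTENTS text into (kind, path, md5_or_None, target_or_None)."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, rest = line.split(" ", 1)
        if kind == "obj":
            # Path may contain spaces, so split the two trailing fields from the right.
            path, digest, _mtime = rest.rsplit(" ", 2)
            entries.append((kind, path, digest, None))
        elif kind == "sym":
            left, _mtime = rest.rsplit(" ", 1)
            path, target = left.split(" -> ", 1)
            entries.append((kind, path, None, target))
        elif kind == "dir":
            entries.append((kind, rest, None, None))
    return entries


def verify_contents(root, text):
    """Return {path: 'ok' | 'modified' | 'missing'} for every 'obj' entry."""
    results = {}
    for kind, path, digest, _target in parse_contents(text):
        if kind != "obj":
            continue  # dirs and symlinks carry no checksum in CONTENTS
        full = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(full):
            results[path] = "missing"
        elif md5_file(full) != digest:
            results[path] = "modified"
        else:
            results[path] = "ok"
    return results


def demo():
    """Install constructed files, record them, tamper with them, re-verify."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "usr/bin")
        os.makedirs(bindir)
        for name, data in (("hello", b"hello"), ("world", b"world"), ("keep", b"keep")):
            with open(os.path.join(bindir, name), "wb") as fh:
                fh.write(data)
        contents = record_contents(root, ["/usr/bin/hello", "/usr/bin/world", "/usr/bin/keep"])

        # Simulated drift after the merge: one file rewritten, one removed, one untouched.
        with open(os.path.join(bindir, "hello"), "wb") as fh:
            fh.write(b"hello, patched")
        os.remove(os.path.join(bindir, "world"))

        return verify_contents(root, contents)


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:9} {path}")
```

Running it prints one line per recorded file with "modified", "missing" or "ok". The `parse_contents` helper also accepts "dir" and "sym" lines so it can be pointed at a real CONTENTS file, but only "obj" entries carry a checksum, so symlink targets and directories are not verified here.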
--
gentoo-security@g.o mailing list