1 |
On Thursday 25 March 2004 22:05, Sandino Araico Sánchez wrote: |
2 |
> |
3 |
> It should be possible to add a feature to emerge that updates installed |
4 |
> packages MD5 to the tripwire database so the next time tripwire runs it |
5 |
> doesn't report false positives. |
6 |
|
7 |
But the same methodology used to update the tripwire database from emerge |
8 |
could be exploited by attackers to update the database by hand (a silently |
9 |
compromised protected system is more dangerous than a silently compromised |
10 |
unprotected one). Unless some sort of very very imaginative key pair is |
11 |
created to ensure a secure and limited interaction between tripwire and |
12 |
emerge. |
13 |
|
14 |
> |
15 |
> >Michel Wilson. |
16 |
|
17 |
-- |
18 |
Lars Goldschlager |
19 |
=========================== |
20 |
Software Engineer. |
21 |
Telephony Business Group. |
22 |
IFX Networks. |
23 |
--------------------------- |
24 |
Sysadmin. |
25 |
IFX Networks. Venezuela. |
26 |
=========================== |
27 |
lg@×××××××××.ve |
28 |
+58-212-952-3655. Ext. 109. |