[buug] Gentoo, Bluecurve and Linux too!

Aaron T Porter atporter at primate.net
Fri Oct 18 13:26:46 PDT 2002


On Fri, Oct 18, 2002 at 12:59:21PM -0700, Patrick Soltani wrote:
> > and how are you sure the md5 hash hasn't been tampered with?
> > Having an md5 signature is only done on compressed packages 
> > (.tar, etc), this usually stops you from doing such things as
> > diffing with older versions. Basically I doubt you would do
> > such a thing without keeping the application tracked with cvs.
> 
> The operative word is "intended".  You can run MD5 on binary files and
> it is not confined to only compressed files. In fact Solaris has the MD5
> fingerprints for ALL the files in the system. I am sure not all of
> them are ".tar, etc"

	But that assumes that you've got an MD5 from the "clean" package.
What if J. Random Hacker uploads a new MD5 with their trojaned package?
Where does Solaris get its MD5 sums that you're checking? RedHat's rpms
come with md5sums of every file too, rpm --verify is a great tool for
forensics on a cracked system, though it won't help you much if you build
your own stuff.
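As an added example, not code from this thread, here is the manifest-and-verify step that the message credits rpm --verify with, written for self-built software: record a digest of every installed file at install time, then report what is missing, modified or unexpected later. It uses MD5 as the thread does (the algorithm is a parameter), and the sample tree is constructed inside a temporary directory; the manifest only proves anything if it was kept somewhere the intruder could not rewrite it alongside the files.

```python
"""Record a per-file digest manifest of a tree, later verify the tree against it.

Rough stand-in for `rpm --verify` for software you built yourself.  The
manifest must be stored out of band (read-only media, another host); a
manifest stored next to the files can be regenerated by whoever replaced them.
"""
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, algorithm="md5"):
    """Hex digest of one file, read in chunks so large binaries fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, algorithm="md5"):
    """Map relative POSIX path -> digest for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p, algorithm)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_tree(root, manifest, algorithm="md5"):
    """Return {relative path: 'missing' | 'modified' | 'unexpected'} (empty = clean)."""
    current = build_manifest(root, algorithm)
    problems = {}
    for rel, expected in manifest.items():
        actual = current.get(rel)
        if actual is None:
            problems[rel] = "missing"
        elif actual != expected:
            problems[rel] = "modified"
    for rel in current:
        if rel not in manifest:
            problems[rel] = "unexpected"
    return problems


def demo():
    """Constructed sample: install two files, record manifest, then alter the tree."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"original login binary\n")
        (root / "etc.conf").write_bytes(b"port=22\n")
        manifest = build_manifest(root)          # taken at install time, kept off-box
        clean = verify_tree(root, manifest)      # {} : nothing changed yet
        (root / "bin" / "login").write_bytes(b"replaced login binary\n")
        (root / "bin" / "extra.so").write_bytes(b"file that was never installed\n")
        (root / "etc.conf").unlink()
        return clean, verify_tree(root, manifest)
```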


