[sf-lug] about /usr/local and package management
jim at well.com
Wed Oct 18 15:05:20 PDT 2006
best sense i can make of this is you need a
second, trusted machine on which to run
something that can effectively peek into a
'course there's the chicken-egg business--
can you really trust your trusted machine,
even a gentoo-like approach needs a
compiler, can you trust that...? How to get
a trusted machine in the first place (harks
of Asheesh's warnings)?
On Oct 18, 2006, at 2:33 PM, Rick Moen wrote:
> Quoting jim stockford (jim at well.com):
>> On Oct 18, 2006, at 9:54 AM, Rick Moen wrote:
>>> How to check the security of a system whose software you don't
>>> trust is a non-trivial problem.
>> well, there's downloading the source code, reading every line (and
>> understanding each), and compiling and installing. Seems doable for
>> chkrootkit and the like....
> ...which might suffice if you had any reason to think that the program,
> once run, will do what you think it should, even if the machine is
> compromised. Unfortunately, _if_ the machine is compromised, you
> See the problem?
>> there's md5sum and trusting the maker.
> You cannot trust the output of md5sum if it's running on a compromised
> system. The system controls what md5sum sees, what it does, and what
>> there's trusting the distro.
> Unwise if the reason you're seeking to run chkrootkit is because you
> think your system might be compromised. (If you mean "trust the
> distro's package integrity on its update servers", that's a good start,
> but that still leaves not being able to trust the _system_ on which the
> tool runs.)
>> A NOC guy taught me "trust is efficient". Your tho'ts?
> I'm not sure what the guy meant in context -- but I _do_ know that it
> seems uncommonly silly to run a security-checking tool on a suspect
> (i.e., possibly root-compromised) system and put any faith at all in
> E.g., I have to laugh whenever I hear someone say "Well, I suspected
> that my system was root-compromised, but 'rpm -qa' came up clean."
> (If one suspects root compromise, why then are the contents of
> /var/lib/rpm/* suddenly trustworthy, not to mention /usr/bin/rpm,
> the console support libs, etc.?)
> sf-lug mailing list
> sf-lug at linuxmafia.com
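
An added example, not part of the thread: following the point that hashes computed on a suspect system cannot be trusted, this script is meant to run on a separate trusted machine against the suspect disk mounted read-only. The function names, status strings, manifest format and the use of SHA-256 in place of md5sum are assumptions of the example, and the sample tree is constructed.

```python
import hashlib, os, stat, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_offline(suspect_root, manifest):
    """Run on the trusted machine. suspect_root is where the suspect disk is
    mounted; manifest maps relative paths to known-good SHA-256 values that
    came from somewhere other than the suspect system."""
    root = os.path.realpath(suspect_root)
    results = {}
    for rel, expected in manifest.items():
        path = os.path.join(root, rel.lstrip("/"))
        parent = os.path.realpath(os.path.dirname(path))
        if os.path.commonpath([root, parent]) != root:
            results[rel] = "ESCAPES_ROOT"  # a directory symlink leads off the suspect disk
            continue
        try:
            mode = os.lstat(path).st_mode
        except (FileNotFoundError, NotADirectoryError):
            results[rel] = "MISSING"
            continue
        if stat.S_ISLNK(mode):
            results[rel] = "SYMLINK"  # not followed: it could resolve to the trusted host's own file
        elif not stat.S_ISREG(mode):
            results[rel] = "NOT_REGULAR"
        else:
            results[rel] = "OK" if sha256_file(path) == expected else "MODIFIED"
    return results

def demo():
    """Constructed sample: a throwaway directory stands in for the mounted disk."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/bin"))
        for name, data in (("rpm", b"original rpm"), ("md5sum", b"trojaned md5sum")):
            with open(os.path.join(root, "usr/bin", name), "wb") as f:
                f.write(data)
        os.symlink("/bin/ls", os.path.join(root, "usr/bin/ls"))
        names = ("rpm", "md5sum", "ls", "ps")  # constructed known-good manifest
        manifest = {"usr/bin/" + n: hashlib.sha256(b"original " + n.encode()).hexdigest()
                    for n in names}
        return verify_offline(root, manifest)

if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:12} {rel}")
```

Symlinks are reported rather than followed because an absolute link on the suspect disk would otherwise be resolved against the trusted machine's own filesystem and hash a clean file.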