| |||||||||||||
FOSDEM: Multiarch on Debian and UbuntuFOSDEM: Multiarch on Debian and UbuntuPosted Mar 1, 2012 12:11 UTC (Thu) by elanthis (guest, #6227)In reply to: FOSDEM: Multiarch on Debian and Ubuntu by pagerc Parent article: FOSDEM: Multiarch on Debian and Ubuntu
That significantly complicates -- and to a degree undermines -- the ability for packages to utilize signing of installed components for verification of a system.
The files created by a package should not be modified for any reason. I should be able to do a package verification and check the checksums of the installed components.
It would be possible to update the package database with modified checksums of binaries that are "patched" by a fatelf system, but then that reduces the overall safety. Then I would only be able to check a potentially compromised system's filesystem using data that only exists in the potentially compromised system's filesystem. Without modifying binaries, I can grab the upstream original verified out-of-band package and compare its checksums directly to those on the system's filesystem image.
Yes, I realize that prelink already screws up most of this. I'm not sure if prelink is still commonly used (faster linkers like gold and strict symbol visibility control can reduce the need for prelinking, and address space randomization should be part of the dynamic loader, but maybe Linux distros haven't caught up yet).
(Log in to post comments)
FOSDEM: Multiarch on Debian and Ubuntu Posted Mar 1, 2012 16:02 UTC (Thu) by nix (subscriber, #2304) [Link]
prelink only screws this up if your checksummer doesn't know about prelink's --verify, --md5 or --sha options.
FOSDEM: Multiarch on Debian and Ubuntu Posted Mar 3, 2012 10:02 UTC (Sat) by TRS-80 (subscriber, #1804) [Link]
Unrelated, but I wanted to draw your attention to http://lwn.net/Articles/485008/ as I presume your email reply notification window has expired.
|
|||||||||||||