FC12: Hidden files in /usr/bin/*

[Peter Robinson]

On Fri, Jan 22, 2010 at 4:11 PM, Ralf Corsepius <rc040203 at freenet.de> wrote:

> On 01/22/2010 04:24 PM, Przemek Klosowski wrote:
> > On 01/22/2010 07:53 AM, Ralf Corsepius wrote:
> >> On 01/22/2010 01:22 PM, Tomas Mraz wrote:
> >
> >>> These are checksums required by FIPS-140-2 integrity verification
> checks
> >>> of the fipscheck and ssh binaries.
> >>
> >> I.e. package data.
> >>
> >> =>   These packages are non-FHS compliant and qualify as broken.
> >
> > I don't believe so---it's not my line of business but I understand that
>
> I do ... and as a member of the FPC, I do have a strong opinion on this.
>
> > - in some circumstances (government, regulated companies) encryption
> >     must be certified to the FIPS 140-2 standard
>
> I don't know this "standard".
>
> > - on Linux encryption (https, ssh) is handled by OpenSSL, which went
> >     through the FIPS certification process
> >
> > - one of the conditions of FIPS certification is a capability for
> >     run-time consistency checks, hence the fipscheck package
> >
> > - the fipscheck package checks against the checksums stored in the
> >     .XXX.hmac files, therefore those files are required if a system needs
> >     to be FIPS-compliant.
> >
> > Having said that, I don't understand how does this scheme prevent
> > someone from subverting the executable and creating a matching .hmac
> > file, so that the fipscheck fails to see the problem.
>
> May-be this "fips standard" collides with the FHS, may-be this standard
> is defective?
>
> Do you have a pointer/reference to this "standard"? Does it really
> mandate pollution /usr/bin and thus $PATH?
>

Google returns http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf

It security standard which has nothing to do directly with Linux so its
unlikely to refer to the FHS.

Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/devel/attachments/20100122/a8b9fa2f/attachment.html