warning to list

Paul Iadonisi pri.rhl3 at iadonisi.to
Tue Oct 26 05:20:58 UTC 2004


On Tue, 2004-10-26 at 00:53, Gregory G Carter wrote:

[snip]

> Not something many would like to hear, but I think security in general 
> has not improved in computing because we have all of these not required 
> methods that make us THINK the code is safe  (i.e. Oooo...the package is 
> digitally signed so it's OK....), but in reality do not address the 
> primary issues of why executables are a risk....lack of source code.

[snip]

  Interesting.  How about this idea for a start.
  First, please note that I've added fedora-devel-list as I think this
sub-thread, of sorts, is more on-topic for that list.  Please send
followups there.  (Dang it!  Why doesn't Evolution allow me to add
custom headers?!  Argh!  Don't answer that...or if you do, please start
a new thread.  This one has morphed quite enough, already.  :-))

  How about this:

1) Build source package.
2) Sign source package.
3) Build binary package.
4) Embed SHA1 hash of signed source package in header of binary package.
   (Should be automatically built into the 'rpmbuild --rebuild' command
   and equivalents.)
5) Sign binary package.

  This would at least help ensure that a particular binary rpm did
indeed come from a particular source package.  As it stands, the
SOURCERPM name is stored in the header, but that's not verification,
it's only FYI type info that has no other src.rpm info in it (that I
know of).  Of course, with my luck, I'll find it right after hitting
Send for this message.

-- 
-Paul Iadonisi
 Senior System Administrator
 Red Hat Certified Engineer / Local Linux Lobbyist
 Ever see a penguin fly?  --  Try Linux.
 GPL all the way: Sell services, don't lease secrets
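The five-step proposal above, modelled as an added Python example (not from the original message and not rpm's own code): it contrasts today's name-only SOURCERPM check with the proposed hash binding. The header dict, the SOURCEHASH tag and the package contents are constructed stand-ins; real rpm headers would need a new tag for this.

```python
import hashlib

# Constructed stand-in for an RPM header: a dict of tag -> value.
# SOURCERPM is a real, informational tag; SOURCEHASH is hypothetical
# (the tag the list post proposes adding in step 4).

def sha1_hex(data: bytes) -> str:
    """SHA1 of a package's bytes, as the proposal specifies."""
    return hashlib.sha1(data).hexdigest()

def build_binary_header(name: str, srpm_name: str, signed_srpm: bytes) -> dict:
    """Step 4: record the hash of the *signed* src.rpm in the binary header.
    (Step 5, signing the binary package, would then cover this tag too.)"""
    return {
        "NAME": name,
        "SOURCERPM": srpm_name,                # existing FYI-only tag
        "SOURCEHASH": sha1_hex(signed_srpm),   # hypothetical binding tag
    }

def matches_by_name(header: dict, srpm_name: str) -> bool:
    """Today's situation: only a file name is compared, so any src.rpm
    carrying that name passes, tampered or not."""
    return header.get("SOURCERPM") == srpm_name

def matches_by_hash(header: dict, srpm_bytes: bytes) -> bool:
    """Proposed check: the src.rpm on hand must hash to the embedded value.
    A header without the tag fails closed."""
    return header.get("SOURCEHASH") == sha1_hex(srpm_bytes)

# Constructed sample data (not real packages)
SRPM_NAME = "foo-1.0-1.src.rpm"
GENUINE_SRPM = b"genuine foo-1.0-1.src.rpm contents (constructed)"
TAMPERED_SRPM = b"tampered foo-1.0-1.src.rpm contents (constructed)"
HEADER = build_binary_header("foo-1.0-1.i386.rpm", SRPM_NAME, GENUINE_SRPM)

def demo() -> dict:
    """Name check cannot tell the two source packages apart; the hash check can."""
    return {
        "name_check_passes_for_tampered": matches_by_name(HEADER, SRPM_NAME),
        "hash_check_genuine": matches_by_hash(HEADER, GENUINE_SRPM),
        "hash_check_tampered": matches_by_hash(HEADER, TAMPERED_SRPM),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```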