F17 Beta DVD install options

John Morris jmorris at beau.org
Thu Apr 19 02:19:18 UTC 2012


On Thu, 2012-04-19 at 02:30 +0100, Adam Williamson wrote:

> > And rpm -Va doesn't
> > show anything nasty in the packages that would give an intruder an in.
> 
> If someone's owned the machine, they can make rpm -Va say whatever they
> like.

Which brings up a good point.  I know that the only way to be sure is
booting the machine from a known good[1] rescue media and then checking
with a copy of RPM running from there using the --root option to point
at the suspect filesystem to ensure the system's rpm binary isn't
trojaned or the kernel patched to show the original executables to rpm.
And even then a REAL enemy would exploit a zero day buffer overflow in
rpm via the infected rpm database.

On the other hand, has there ever been a real case found in the wild of
an infestation that was so good at covering its tracks?  The security
problems I saw in the past were the crudest script kiddies and I haven't
even seen one of those attacks succeed since the 20th Century even on
erratically updated machines.  There aren't a lot of exploits against
Linux to begin with, how many are going for deep penetration that aren't
targeted hits by intelligence agencies?  If the NSA wants to look at
your or my machine they will and we will almost certainly never have a
clue they were there.

In short, just how theoretical an attack am I expending effort to repel?

[1] And that IS the nub of the problem now isn't it; and the gateway to
insanity.  Do you trust the rescue media and/or the machine that
downloaded and burned it?
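
The offline check described in this message, as an added example that is not part of the original post: a filter that reduces `rpm -Va --root` output, run from rescue media, to the entries worth inspecting. The mount point /mnt/sysimage and the function names are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example. Run from trusted rescue media, never from the suspect install.
# /mnt/sysimage is an assumed mount point for the suspect filesystem.

# Filter `rpm -V` lines on stdin down to "REASON<TAB>path" findings.
# Each line: flag string (S M 5 D L U G T P, "." = passed, "?" = untestable),
# an optional file-type letter (c config, d doc, g ghost, l license, r readme),
# then the path. A line may instead start with the word "missing".
triage_verify() {
    awk '{
        flags = $1
        rest = $0
        sub(/^[^ ]+ +/, "", rest)                 # drop the flag column
        attr = ""
        if (rest ~ /^[cdglr] +\//) {              # optional file-type letter
            attr = substr(rest, 1, 1)
            sub(/^[cdglr] +/, "", rest)
        }
        if (attr == "g") next                     # ghost files carry no payload
        why = ""
        if (flags == "missing") why = "MISSING"
        else if (flags !~ /^[SM5DLUGTP.?]+$/) next                # not a verify line
        else if (index(flags, "5") && attr != "c") why = "DIGEST" # content changed
        else if (substr(flags, 3, 1) == "?") why = "UNREADABLE"   # digest not checked
        else if (flags ~ /[MUG]/) why = "PERMS"                   # mode, user or group
        if (why != "") print why "\t" rest
    }'
}

# Verify every package using the rpm binary and kernel of the rescue media.
# --root also makes rpm read the package database inside the suspect tree.
verify_offline() {
    rpm -Va --root "${1:-/mnt/sysimage}" 2>/dev/null | triage_verify
}

# Constructed sample of `rpm -Va` output, for trying the filter without rpm.
sample_output() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/foo/README
S.5....T.    /usr/bin/ssh
.M...UG..    /usr/bin/passwd
missing      /usr/sbin/crond
..?......    /usr/bin/sudo
EOF
}
```

Digest changes on config files and mtime-only differences are dropped because routine administration produces them; everything else is printed for manual review.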