On Thu, 2002-10-24 at 00:17, James Stevenson wrote:
>
> > Be surprised: I run "gpg --verify foo.tgz.sign foo.tgz" every time I download
> > from kernel.org. And, "rpm --checksig *.rpm" on stuff from redhat.com too.
>
> and when an attacker looks into your .bash_history see this and modifies
> gpg and rpm ?
When the attacker can look into the .bash_history of root he has already
taken over the box. As Alan already stated before on this thread, when
the attacker has root, the game is over anyway - what happens next only
effects how long it will take you to find out you have 'guests'.
The purpose of the GPG spiel is to stop (read: make it harder) from the
attacker becoming root in the first place, for example by replacing
packages you download (either on the ftp site or in trnasit) with
trojaned copies.
Gilad.
-- Gilad Ben-Yossef <gilad@benyossef.com> http://benyossef.com"Geeks rock bands cool name #8192: RAID against the machine"
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Oct 31 2002 - 22:00:22 EST