On Thu, 2012-04-19 at 02:30 +0100, Adam Williamson wrote:
> > And rpm -Va doesn't
> > show anything nasty in the packages that would give an intruder an in.
>
> If someone's owned the machine, they can make rpm -Va say whatever they
> like.

Which brings up a good point. I know that the only way to be sure is booting the machine from known-good[1] rescue media and then checking with a copy of RPM running from there, using the --root option to point at the suspect filesystem, to ensure the system's rpm binary isn't trojaned or the kernel patched to show the original executables to rpm. And even then a REAL enemy would exploit a zero-day buffer overflow in rpm via the infected rpm database.

On the other hand, has there ever been a real case found in the wild of an infestation that was so good at covering its tracks? The security problems I saw in the past were the crudest script kiddies, and I haven't even seen one of those attacks succeed since the 20th century, even on erratically updated machines. There aren't a lot of exploits against Linux to begin with; how many are going for deep penetration that aren't targeted hits by intelligence agencies? If the NSA wants to look at your or my machine they will, and we will almost certainly never have a clue they were there.

In short, just how theoretical an attack am I expending effort to repel?

[1] And that IS the nub of the problem now, isn't it; and the gateway to insanity. Do you trust the rescue media and/or the machine that downloaded and burned it?
-- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
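The rescue-media check the mail describes, written out as an added shell example (it is not code from the original message or from Fedora): mount the suspect root read-only, verify it with the rescue image's own rpm via --root, and then triage the output so that mtime-only changes and doc/ghost noise do not bury a modified binary. The mount point, the device name, the rpmdb location (/var/lib/rpm, as on Fedora of that era) and the sample rpm -Va lines are all assumptions or constructed for the example.

```shell
#!/bin/sh
# Added example: verify a suspect Fedora root from rescue media and
# triage `rpm -Va` output. Nothing here is taken from the original mail.

MNT="${MNT:-/mnt/suspect}"   # assumption: where the suspect root gets mounted

# Run from the rescue shell: verify_from_rescue /dev/sdXN
# The rescue image's rpm binary and kernel do the work; the suspect
# system's rpm, libraries and kernel are never executed. rpm reads the
# suspect rpmdb under "$MNT" (/var/lib/rpm here; use --dbpath if it lives
# elsewhere) and checks the files under "$MNT".
# Caveats: -Va only covers files the rpmdb knows about, and a tampered
# rpmdb can still lie (the mail's point); pointing --dbpath at a copy of
# the database kept on known-good media closes that second gap.
verify_from_rescue() {
    dev=$1
    mkdir -p "$MNT" || return 1
    mount -o ro,noexec,nosuid,nodev "$dev" "$MNT" || return 1
    rpm --root "$MNT" -Va
}

# Reduce rpm -Va output (on stdin) to what matters for a compromise hunt.
# Line format: flags column (S M 5 D L U G T [P], '.' = ok, '?' = not
# testable) or the word "missing", then an attribute column (c config,
# d doc, g ghost, l licence, r readme, or blank), then the path.
#   SUSPECT  non-config file whose content/size/mode/owner/link changed
#   CONFIG   the same for a config file (expected more often, still worth a look)
#   MISSING  a packaged file that is gone
#   OTHER    anything rpm prints that is not a per-file record
# mtime-only (T) changes and doc/ghost/licence/readme entries are dropped.
triage_rpm_va() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        flags=${line%% *}                           # first field
        rest=${line#"$flags"}
        rest=${rest#"${rest%%[![:space:]]*}"}       # strip the padding
        case "$rest" in
            /*) attr=' '; path=$rest ;;              # blank attribute column
            *)  attr=${rest%"${rest#?}"}; path=${rest#??} ;;
        esac
        case "$flags" in
            missing) ;;
            [S.?][M.?][5.?][D.?][L.?][U.?][G.?][T.?]) ;;         # rpm < 4.7
            [S.?][M.?][5.?][D.?][L.?][U.?][G.?][T.?][P.?]) ;;    # rpm >= 4.7
            *) printf 'OTHER %s\n' "$line"; continue ;;
        esac
        case "$attr" in d|g|l|r) continue ;; esac   # docs, ghosts, licence, readme
        if [ "$flags" = missing ]; then
            printf 'MISSING %s\n' "$path"
            continue
        fi
        case "$flags" in
            *[5SMDLUGP?]*) ;;                        # something beyond mtime changed
            *) continue ;;                           # only T: ignore
        esac
        if [ "$attr" = c ]; then sev=CONFIG; else sev=SUSPECT; fi
        printf '%s %s %s\n' "$sev" "$flags" "$path"
    done
}

# Constructed sample of rpm -Va output (not captured from a real host).
sample_rpm_va_output() {
    cat <<'EOF'
S.5....T.    /usr/bin/ssh
.M.......    /usr/bin/passwd
.......T.    /usr/lib64/libc.so.6
S.5....T.  c /etc/ssh/sshd_config
.......T.  d /usr/share/doc/bash/README
missing     /usr/sbin/sshd
.......T.  g /var/lib/rpm/Packages
Unsatisfied dependencies for foo-1.0-1.noarch: bar
EOF
}

# Demo on the constructed sample; on real rescue media pipe
# verify_from_rescue's output into triage_rpm_va instead.
sample_rpm_va_output | triage_rpm_va
```

The triage is deliberately conservative: a size or digest change on a non-config binary is what a trojaned rpm, sshd or libc would show up as, while an mtime-only change is what prelink, a relabel or a sloppy backup restore leaves behind. Paths containing spaces are handled because the parser works on the padding rather than on word splitting.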