From: James Cleverdon <jamesclv@us.ibm.com>
To: James Stevenson <james@stev.org>
Cc: Gilad Ben-ossef <gilad@benyossef.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: One for the Security Guru's
Date: Wed, 23 Oct 2002 15:39:43 -0700 [thread overview]
Message-ID: <200210231539.43167.jamesclv@us.ibm.com> (raw)
In-Reply-To: <1035411422.5377.11.camel@god.stev.org>
On Wednesday 23 October 2002 03:17 pm, James Stevenson wrote:
> > Be surprised: I run "gpg --verify foo.tgz.sign foo.tgz" every time I
> > download from kernel.org. And, "rpm --checksig *.rpm" on stuff from
> > redhat.com too.
>
> and when an attacker looks into your .bash_history see this and modifies
> gpg and rpm ?
First, I use ksh, so the kiddie is looking into the wrong history. ;^)
Second, I'm trying to keep him/her/git out by not loading a trojaned package.
Once the scumbag is inside your box, it's much harder to throw them out. In
fact, a reinstall is usually in order.
Third, if they don't do it already, I'd like kpackage, gnorpm, and similar
tools to always check signatures before loading a package. (And, for the GPG
public keys used to have come with trust signatures from the installation
CD.) That would really help with all the newbies to *nix coming on board
now.
PS: If you don't trust your gpg or rpm, boot off install CD # 1, switch to a
text console, and use the ones on the CD. QED. :^)
--
James Cleverdon
IBM xSeries Linux Solutions
{jamesclv(Unix, preferred), cleverdj(Notes)} at us dot ibm dot com
next prev parent reply other threads:[~2002-10-23 22:34 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-10-23 13:02 One for the Security Guru's Robert L. Harris
2002-10-23 13:13 ` John Jasen
2002-10-23 13:20 ` Keith Owens
2002-10-24 7:56 ` Greg KH
2002-10-23 13:45 ` Alan Cox
2002-10-23 13:59 ` Gilad Ben-ossef
2002-10-23 22:14 ` James Cleverdon
2002-10-23 22:17 ` James Stevenson
2002-10-23 22:39 ` James Cleverdon [this message]
2002-10-23 22:44 ` James Stevenson
2002-10-24 6:12 ` Gilad Ben-Yossef
2002-11-06 21:39 ` Florian Weimer
2002-10-23 14:57 ` Richard B. Johnson
2002-10-23 17:56 ` Gerhard Mack
2002-10-24 9:38 ` Henning P. Schmiedehausen
[not found] ` <ap8f36$8ge$1@dstl.gov.uk>
2002-10-24 10:01 ` Tony Gale
2002-10-24 16:13 ` Gerhard Mack
2002-10-24 16:39 ` Henning P. Schmiedehausen
2002-10-24 16:34 ` David Lang
2002-10-24 17:04 ` Gilad Ben-Yossef
2002-10-25 9:44 ` Henning Schmiedehausen
2002-10-25 20:52 ` H. Peter Anvin
2002-10-26 10:43 ` Henning P. Schmiedehausen
2002-10-27 10:17 ` Rogier Wolff
2002-10-28 7:47 ` Chris Wedgwood
2002-10-24 22:02 ` Danny Lepage
2002-10-25 9:40 ` Henning Schmiedehausen
2002-10-24 14:23 ` Gilad Ben-ossef
2002-10-25 4:09 ` Stephen Satchell
2002-10-25 13:47 ` Stephen Frost
2002-10-26 10:38 ` Rogier Wolff
2002-10-26 9:44 ` Rogier Wolff
2002-10-26 10:46 ` Henning P. Schmiedehausen
2002-10-23 16:23 ` Henning P. Schmiedehausen
2002-10-23 17:55 ` David Lang
2002-10-23 19:46 ` H. Peter Anvin
2002-10-23 22:15 ` James Stevenson
2002-10-24 9:47 ` Henning P. Schmiedehausen
2002-10-25 12:28 ` Daniel Egger
2002-10-25 15:22 ` Alex Riesen
2002-10-25 16:38 ` Stephen Satchell
2002-10-25 18:21 ` [OT] " J Sloan
2002-10-26 10:40 ` OT " Rogier Wolff
2002-10-24 10:11 ` Ville Herva
2002-10-24 11:09 ` Henning P. Schmiedehausen
2002-10-24 11:55 ` Alan Cox
2002-10-24 14:40 ` Henning P. Schmiedehausen
2002-10-24 15:36 ` Alan Cox
2002-10-24 16:46 ` Eric W. Biederman
2002-10-24 6:04 ` David Wagner
-- strict thread matches above, loose matches on Subject: below --
2002-10-23 21:49 Hank Leininger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200210231539.43167.jamesclv@us.ibm.com \
--to=jamesclv@us.ibm.com \
--cc=gilad@benyossef.com \
--cc=james@stev.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.