Joey Hess <[email protected]> writes:
> Russ Allbery wrote:

>> It's also always worth bearing in mind that while a really good
>> attacker can do all sorts of complex things that make them very hard to
>> find, most attackers are stupid and straightforward.

> It's stupid and straightforward to install /usr/local/bin/ls. debsums
> will not detect it.

True. Adding new binaries is, in my experience, more common than modifying binaries already on the system.

I don't really mean to be arguing for debsums as a security mechanism, more just commenting on the general question. I'm on the side that thinks that debsums isn't a horribly useful direction to go for full-blown intrusion detection, and that for what it's really useful for right now MD5 remains entirely adequate.

-- 
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
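The gap discussed in this message, shown as an added example that is not part of the original e-mail: a checksum verifier only compares files that a package manifest lists, so an executable no package owns has to be found by a separate ownership check. The sketch assumes manifests in dpkg's `*.list` format (as kept in `/var/lib/dpkg/info`); the function names and the temporary directory tree are constructed for illustration.

```python
import os
import tempfile

def owned_paths(info_dir):
    """Union of all paths listed in dpkg-style *.list manifests in info_dir."""
    owned = set()
    for name in os.listdir(info_dir):
        if name.endswith(".list"):
            with open(os.path.join(info_dir, name)) as fh:
                owned.update(line.strip() for line in fh if line.strip())
    return owned

def audit_path(path_dirs, owned):
    """Return (unowned, shadowing) executables found along path_dirs."""
    by_name = {}  # command name -> candidate files, in search order
    for d in path_dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            full = os.path.join(d, name)
            if os.path.isfile(full) and os.access(full, os.X_OK):
                by_name.setdefault(name, []).append(full)
    unowned, shadowing = [], []
    for paths in by_name.values():
        for i, p in enumerate(paths):
            if p in owned:
                continue
            unowned.append(p)  # no manifest entry, so no checksum to compare
            if any(q in owned for q in paths[i + 1:]):
                shadowing.append(p)  # found before a packaged command of the same name
    return sorted(unowned), sorted(shadowing)

def demo():
    """Constructed tree: packaged bin/ls, unpackaged usr/local/bin/{ls,mytool}."""
    with tempfile.TemporaryDirectory() as root:
        local, sysbin, info = (os.path.join(root, p)
                               for p in ("usr/local/bin", "bin", "info"))
        for d in (local, sysbin, info):
            os.makedirs(d)
        for f in (os.path.join(local, "ls"), os.path.join(local, "mytool"),
                  os.path.join(sysbin, "ls")):
            with open(f, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(f, 0o755)
        with open(os.path.join(info, "coreutils.list"), "w") as fh:
            fh.write(os.path.join(sysbin, "ls") + "\n")
        unowned, shadowing = audit_path([local, sysbin], owned_paths(info))
        return ([os.path.relpath(p, root) for p in unowned],
                [os.path.relpath(p, root) for p in shadowing])
```

Legitimate locally installed tools appear in the unowned list as well, so the output is a review list rather than a verdict; the shadowing subset is the part that corresponds to the `/usr/local/bin/ls` case raised above.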

