At 2:17 Uhr +0200 19.6.2001, Ethan Benson wrote: >what if the attacker can poisen your DNS, or routing tables? then he >can trick apt into downloading his 37337 `security update' (more like >unsecurity update heh) Yes, but that's a problem anyway, isn't it? In fact it's a question I have about debian (I'm relative newbie to debian): is there no way to make .deb's with signatures? Do I have to parse the security-announce list mail to get signed md5 hashes to check the downloaded deb's? If so, is there no script doing this already? If yes, the I just wrap this one, so the cracker could merely prevent updates from taking place successfully. >get root, run passwd root, ssh in. But if the passwd command doesn't itself have the rights to access /etc/shadow but only the root login shell has (which only runs if called through sshd), then the cracker would have to know your root passwd before being able to change it. Christian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
- Re: A question about Knark and modules Philipp Schulte
- Re: A question about Knark and modules Peter Cordes
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Philipp Schulte
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Philipp Schulte
- Re: A question about Knark and modules Christian Jaeger
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Ben Harvey
- Re: A question about Knark and modules Christian Jaeger
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Peter Cordes
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Hubert Chan
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Hubert Chan
- Re: A question about Knark and modules Ethan Benson
- Re: A question about Knark and modules Martin Maney
- passwd et al Simon Huggins
- Re: A question about Knark and modules Christian Jaeger