Gavin wrote:

>Experts,
>
>I installed 8.0 and did an package up last night, the next morning when I 
>checked the monitor, I noticed that an update had a security problem and gave 
>the message
>
>md5sum for gpg was tampered with! possible back door on system.. words are 
>not exact but to this effect! Now my question, if a security package which has 
>been tampered with is loaded onto your system, do you A: uninstall the rpm 
>and all the deps or B: re-load the whole system??
>
>I was forced to reload the whole system because removing gpg pulls a lot of 
>deps and in the end I could not re-load any packages! hence for the total 
>reload.  Is there an easier way to deal with this type of problem, if so 
>where can I go to read about it in more depth.
>
>Sincerely,
>
>Gavin
>
>
>------------------------------------------------------------------------
>
>Want to buy your Pack or Services from MandrakeSoft? 
>Go to http://www.mandrakestore.com
>
A conflict in md5sums can be a problem for security, but more often it 
is a problem of downloading--meaning a bit flipped somewhere and got 
past the TCP/IP checks.

If the rpm was a virus package, reloading the system is the only way to 
go because rpm runs as root, and your whole system (theoretically) could 
be infected.  It is VERY difficult to write successful viruses for 
linux, but it is possible.

So you erred on the side of caution.  Nothing is wrong with that; it is 
better than erring on the side of risk.

Usually I do the old-fashioned thing of downloading the packages, 
comparing the md5sums, then installing if I have a "GO".  My IP and 
domain are known and someone malicious could try to twist the ends of my 
TCP connections to the internet and become a man-in-the-middle.
libnids, libnet and libpcap and a few cents worth of code is all it takes.

So far, I have not noticed any such attacks.  Most likely you could have 
done fine by redownloading the gpg and forcing it over the bad one, but gpg 
is one I would never, ever take the slightest chance with, because it is 
the basis of secure communications.

Civileme
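
The download, compare, install-on-"GO" routine described in the reply above, as an added example that is not part of the original thread. The function name `verify_pkg`, the manifest name `MD5SUMS` and the sample file names are assumptions, and the manifest is assumed to come from a source you trust more than the download itself.

```shell
#!/bin/sh
# Added example: check a downloaded package against a checksum manifest
# before installing. Manifest lines use md5sum's format: "<digest>  <filename>".

# verify_pkg MANIFEST FILE
# Returns 0 = GO, 1 = digest mismatch, 2 = file missing, 3 = not in manifest.
verify_pkg() {
    manifest=$1
    file=$2
    name=$(basename "$file")

    [ -f "$file" ] || { echo "NO-GO: $name is missing"; return 2; }

    # Exact filename match on field 2 (md5sum binary mode prefixes a "*").
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$manifest")
    [ -n "$expected" ] || { echo "NO-GO: $name is not listed in the manifest"; return 3; }

    actual=$(md5sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "GO: $name"
        return 0
    fi
    echo "NO-GO: $name digest mismatch (expected $expected, got $actual)"
    return 1
}

# Constructed demo: a stand-in "package", then the same file with one
# flipped bit ('a' 0x61 -> 'c' 0x63), as a bad download would produce.
demo() {
    dir=$(mktemp -d)
    printf 'constructed package payload\n' > "$dir/gnupg-sample.rpm"
    (cd "$dir" && md5sum gnupg-sample.rpm > MD5SUMS)
    verify_pkg "$dir/MD5SUMS" "$dir/gnupg-sample.rpm" || echo "(install skipped)"
    printf 'constructed package paylocd\n' > "$dir/gnupg-sample.rpm"
    verify_pkg "$dir/MD5SUMS" "$dir/gnupg-sample.rpm" || echo "(install skipped)"
    rm -rf "$dir"
}
demo

# Typical use on a real download: install only when every check passes.
#   verify_pkg MD5SUMS pkg.rpm && rpm --checksig pkg.rpm && rpm -Uvh pkg.rpm
```

The digest comparison catches a corrupted transfer; `rpm --checksig` additionally checks the package's signature against keys already imported on the system.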



