In thinking about some of the internals of pkg as outlined in this CR...
https://defect.opensolaris.org/bz/show_bug.cgi?id=16972 ... I started to wonder what that does for our ability to detect malicious change. A malicious change would be when a hacker modifies the CTF and not the elfhash, resulting in different code being run but "pkg verify" reporting the same. Ok, so if a hacker is smart enough to do this then they can probably also hack the local database in /var/pkg with which the elfhash for a binary is compared. But if the repository from whence the install is made is on another host or otherwise secure, would it be possible to have "pkg verify" use that as an authorative source, potentially putting the source of the real hash out of arm's reach? Or is that already the behaviour? (the man page isn't clear about which data source is used for the baseline comparison data.) Darren _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
