On Sun, Apr 6, 2008, Julien Stuby <[EMAIL PROTECTED]> wrote:
> Hi,
>
> If some packages are locally modified, this suggests that your local system
> is already compromised.
> :¬

Of course. I will be verifying the integrity of my .deb files from another, more trusted system (a LiveCD or a hardened host that has never been connected to any network, etc.). So the compromise of my system won't prevent me from checking the package integrity securely.

The second system is not immune. It might have a vulnerability in its filesystem layer or in the code that processes the Release and Packages files, and a local IDS might not be able to detect the exploitation of such a vulnerability. But that is acceptable because the attack surface of the trusted system is much reduced compared to that of the first system.

-- Alexander
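The check Alexander describes is a hash chain: the (signed) Release file lists the SHA256 of each Packages index, and each Packages stanza lists the SHA256 and Size of a .deb. The following is an added example, not code from the thread or from apt; it assumes the signature on Release (Release.gpg or InRelease) has already been verified with gpg on the trusted host, and it works on a constructed Release/Packages/.deb fixture so it runs offline. It reports which link of the chain fails, which is what you want when deciding whether the Packages index or only a single .deb on the suspect host was altered.

```python
import hashlib
import re

# Constructed fixture: a fake .deb payload, NOT a real Debian package.
DEB_NAME = "example_1.0-1_amd64.deb"
DEB_PATH = f"pool/main/e/example/{DEB_NAME}"
PACKAGES_PATH = "main/binary-amd64/Packages"
DEB_BYTES = b"!<arch>\ndebian-binary (constructed placeholder, not a real archive)\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_packages_index(deb_name: str, deb_bytes: bytes) -> str:
    """Constructed Packages stanza using the real apt field names."""
    return (
        "Package: example\n"
        "Version: 1.0-1\n"
        "Architecture: amd64\n"
        f"Filename: pool/main/e/example/{deb_name}\n"
        f"Size: {len(deb_bytes)}\n"
        f"SHA256: {sha256_hex(deb_bytes)}\n"
        "\n"
    )


def build_release(packages_text: str) -> str:
    """Constructed Release file with a SHA256: section listing the Packages index."""
    data = packages_text.encode()
    return (
        "Origin: Example\n"
        "Suite: stable\n"
        "SHA256:\n"
        f" {sha256_hex(data)} {len(data):>16} {PACKAGES_PATH}\n"
    )


def build_fixture():
    """Return (release_text, packages_text) for the constructed .deb above."""
    packages = build_packages_index(DEB_NAME, DEB_BYTES)
    return build_release(packages), packages


def parse_release_sha256(release_text: str) -> dict:
    """Map path -> (sha256, size) from the indented lines under 'SHA256:'."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if not line.startswith(" "):
            in_section = line.strip() == "SHA256:"
            continue
        if in_section:
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
    return entries


def parse_packages(packages_text: str) -> dict:
    """Map Filename -> (sha256, size) from blank-line-separated stanzas."""
    entries = {}
    for stanza in re.split(r"\n\s*\n", packages_text.strip()):
        fields = {}
        for line in stanza.splitlines():
            if ":" in line and not line.startswith(" "):
                key, value = line.split(":", 1)
                fields[key.strip()] = value.strip()
        if "Filename" in fields and "SHA256" in fields:
            entries[fields["Filename"]] = (fields["SHA256"], int(fields["Size"]))
    return entries


def verify_deb(release_text, packages_text, packages_path, deb_path, deb_bytes):
    """Walk the chain Release -> Packages -> .deb; return (ok, reason).

    Assumes release_text came from a Release file whose signature was already
    checked with gpg on the trusted host; a hash chain is only as good as its root.
    """
    release_entries = parse_release_sha256(release_text)
    if packages_path not in release_entries:
        return False, "Packages index not listed in Release"
    exp_digest, exp_size = release_entries[packages_path]
    pkg_data = packages_text.encode()
    if len(pkg_data) != exp_size or sha256_hex(pkg_data) != exp_digest:
        return False, "Packages index does not match Release"
    pkg_entries = parse_packages(packages_text)
    if deb_path not in pkg_entries:
        return False, "package not listed in Packages"
    exp_digest, exp_size = pkg_entries[deb_path]
    if len(deb_bytes) != exp_size or sha256_hex(deb_bytes) != exp_digest:
        return False, ".deb does not match Packages"
    return True, "ok"


if __name__ == "__main__":
    release, packages = build_fixture()
    print(verify_deb(release, packages, PACKAGES_PATH, DEB_PATH, DEB_BYTES))
    tampered = bytes([DEB_BYTES[0] ^ 0xFF]) + DEB_BYTES[1:]  # same size, one byte flipped
    print(verify_deb(release, packages, PACKAGES_PATH, DEB_PATH, tampered))
```

Two failure modes are worth telling apart: a modified .deb with an untouched Packages index fails at the last link, while an attacker who also rewrote the local Packages index to match the modified .deb fails one link earlier, at the Release check, because the Packages digest no longer matches the signed Release. Either way the verdict comes from files hashed on the trusted host, not from anything the suspect host reports about itself.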

