On Wed, Jan 13, 2010 at 11:58:26PM +0000, Chris Gerhard wrote:
> On 13/01/2010 23:40, Shawn Walker wrote:
> >That's what pkg verify is for.
> 
> I don't understand. I certainly did not trust pkg verify over a cmp
> of the files and would not expect anyone to unless it is documented
> in very big letters.

It's up to you to decide which software you trust.  However, the verify
command is working correctly and the sections of the ELF file that
affect its behavior haven't changed.  If you don't trust us, fine, but
don't blame us for using the wrong tools.

> If the system's security had been compromised pkg verify would
> report no problem as the hacker would make sure of it.

As Shawn has already observed, if the system is compromised you can't
trust any of the software on it.  The cmp and digest commands could have
been modified -- or the C compiler for all you know.  See Ken Thompson's
paper "Reflections On Trusting Trust" if you really want to get paranoid.

http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.84.8238

> Yet the binaries are different. How this is not going to lead to
> confusion or worse I can't imagine.

Again, the binaries aren't different as far as pkg is concerned.  While
a portion of the file may have changed so that the digest of the entire
file is different, the ELF sections of the file that control its
behavior remain the same.

-j
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
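
The distinction drawn in this message between a digest of the entire file and a digest over the ELF sections that control behavior, as an added example that is not part of the original message and is not pkg's own code. The helper names, the use of SHA-256, the rule of hashing only sections flagged SHF_ALLOC and the sample images are assumptions made for illustration; the message does not say which sections pkg hashes.

```python
import hashlib
import struct

SHF_ALLOC = 0x2  # sh_flags bit: section is loaded into memory at run time

def build_elf(text: bytes, comment: bytes) -> bytes:
    """Constructed sample: minimal ELF64 little-endian image, 4 sections."""
    names = b"\0.text\0.comment\0.shstrtab\0"
    off_c, off_n = 64 + len(text), 64 + len(text) + len(comment)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, off_n + len(names), 0, 64, 0, 0, 64, 4, 3)
    def shdr(name, flags, off, size, typ=1):
        return struct.pack("<IIQQQQIIQQ", name, typ, flags, 0, off, size, 0, 0, 1, 0)
    table = (bytes(64) + shdr(1, SHF_ALLOC | 0x4, 64, len(text))
             + shdr(7, 0, off_c, len(comment))
             + shdr(16, 0, off_n, len(names), typ=3))
    return ehdr + text + comment + names + table

def sections(data: bytes):
    """Yield (name, flags, contents) for every section of an ELF64 LE image."""
    (shoff,) = struct.unpack_from("<Q", data, 0x28)
    entsize, count, strndx = struct.unpack_from("<HHH", data, 0x3A)
    hdrs = [struct.unpack_from("<IIQQQQ", data, shoff + i * entsize)
            for i in range(count)]
    strtab = data[hdrs[strndx][4]:hdrs[strndx][4] + hdrs[strndx][5]]
    for name, _typ, flags, _addr, off, size in hdrs:
        yield strtab[name:strtab.index(b"\0", name)].decode(), flags, data[off:off + size]

def content_hash(data: bytes) -> str:
    """Digest of run-time sections only (selection rule is an assumption)."""
    h = hashlib.sha256()
    for name, flags, body in sections(data):
        if flags & SHF_ALLOC:
            h.update(name.encode() + b"\0" + body)
    return h.hexdigest()

def file_hash(data: bytes) -> str:
    """Digest of every byte, which is what cmp or digest effectively compare."""
    return hashlib.sha256(data).hexdigest()

# Constructed inputs: A and B share code but differ in a .comment build stamp.
A = build_elf(b"\x31\xc0\xc3", b"build 2010-01-12")
B = build_elf(b"\x31\xc0\xc3", b"build 2010-01-13")
C = build_elf(b"\x31\xff\xc3", b"build 2010-01-13")  # code bytes changed

if __name__ == "__main__":
    for label, img in (("A", A), ("B", B), ("C", C)):
        print(label, "file", file_hash(img)[:16], "content", content_hash(img)[:16])
```

A and B produce different file digests but the same content digest, while C differs on both. A check of this kind does not see changes confined to sections it skips, so which sections are covered determines what it can vouch for.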
