> On 11 May 2015, at 15:53 , Duncan Murdoch <murdoch.dun...@gmail.com> wrote: > > On 11/05/2015 9:35 AM, Tal Galili wrote: >> Hi Duncan, >> Thank you for the clarification. :) >> >> I ended up removing these files from being scanned in the updated version of >> installr. I would rather focus on supporting an MD5 scan that is based on >> what is listed in MD5 file itself (ignoring exceptions that are not clearly >> stated in the file). >> > > I'm not sure what the purpose is of your test, but if it is to detect > modified files, that might not be a good strategy. A malicious agent could > install fake bin/R.exe or bin/Rscript.exe and not be caught. > > Of course, if they knew to modify those two files but not any others, they > would know enough to also install a fake MD5 file, and then there's basically > nothing you could do. > > Duncan
As a general matter, checksumming is useless against tampering if you ship the checksums with the files (that's why I put the checksums in the release announcements: so that they travel alon a different route to the user). If you do, they only make sense as safeguards against technical errors (such as the infamous CR/CRLF conversions). I still don't get why Tal refuses to work out the apparently quite simple logic that decides which checksums should be used to check the installed R.exe and Rscript.exe. -- Peter Dalgaard, Professor, Center for Statistics, Copenhagen Business School Solbjerg Plads 3, 2000 Frederiksberg, Denmark Phone: (+45)38153501 Email: pd....@cbs.dk Priv: pda...@gmail.com ______________________________________________ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
