Checksums Done Right

scott at cse.ucdavis.edu
Sun Jul 1 21:59:03 UTC 2007


> needs replacing immediately.

So if not immediately, is there a timeline for replacing md5 in the deb
package format? I'm not familiar with how these edge cases work so maybe
that's a question for the dpkg maintainers. Regardless, I imagine the best
way to replace md5 would be to offer both md5 and sha256 concurrently
before removing md5 eventually.

>> > So the real benefit is that you can do this on a live system, rather
>> > than having to reboot to known-good media?
>>
>> Potentially, yes. Of course I envision malicious kernel modules being
>> created that remove themselves from the filesystem while running and then,
>> at the last minute before shutting down, write what's necessary to load
>> themselves on boot again. In that case you'd have to shut down the system
>> to be certain.
>
> With modern hardware the sensible thing to do is just to boot from CD.

With modern hardware shutting a dom0 down might mean taking out 10+
active, virtualized servers (in a HA environment it means live migrating
those other servers). Assuming your dom0 is secure, rebooting only the
domU you wish to check is sufficient and ideal. I expect tools to emerge
that will allow one to analyze/validate a domU's kernel, loaded modules,
and memory from the dom0 but until then shutting down individual domUs
will have to do.

Scott
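The transition Scott proposes, shipping md5 and sha256 manifests side by side and preferring the stronger one wherever it exists, is easy to get subtly wrong (a verifier that silently falls back to md5 for every file defeats the point). The following is an added example, not dpkg's code and not from any message in this thread: a small verifier that reads dpkg-style `<hex>  <relative path>` manifests, uses the sha256 entry whenever one exists, and only falls back to md5 for files that no sha256 entry covers, reporting that fallback distinctly so it can be tracked and eventually turned into an error. The `sha256sums` file name, the sample file tree and the manifests are all constructed for the example.

```python
import hashlib
import os
import tempfile

# Constructed sample package contents (not from any real package).
SAMPLE_FILES = {
    "usr/bin/hello": b"#!/bin/sh\necho hello\n",
    "usr/lib/hello/plugin.so": b"\x7fELF-not-really\n",
    "usr/share/doc/hello/README": b"hello package\n",
    "usr/share/man/man1/hello.1": b".TH HELLO 1\n",
}


def digest(data, algo):
    """Hex digest of data under the named hashlib algorithm ('md5', 'sha256')."""
    return hashlib.new(algo, data).hexdigest()


def write_manifest(path, algo, files):
    """Write a dpkg-style manifest: one '<hex>  <relative path>' line per file."""
    with open(path, "w") as fh:
        for rel in sorted(files):
            fh.write(f"{digest(files[rel], algo)}  {rel}\n")


def parse_manifest(path):
    """Parse a manifest into {relative path: lowercase hex digest}.
    The separator is two spaces, as in dpkg's md5sums files."""
    entries = {}
    with open(path) as fh:
        for line in fh:
            line = line.rstrip("\n")
            if not line:
                continue
            hexdigest, sep, rel = line.partition("  ")
            if not sep or not rel:
                raise ValueError(f"malformed manifest line: {line!r}")
            entries[rel] = hexdigest.lower()
    return entries


def verify_tree(root, md5_manifest=None, sha256_manifest=None):
    """Verify files under root against both manifests.

    Returns {relative path: status} where status is one of
      'ok-sha256'   - sha256 entry present and matched (md5 ignored)
      'ok-md5-only' - no sha256 entry; md5 matched (weak, should be phased out)
      'mismatch'    - the digest that was checked did not match
      'missing'     - listed in a manifest but absent on disk
    """
    md5 = parse_manifest(md5_manifest) if md5_manifest and os.path.exists(md5_manifest) else {}
    sha = parse_manifest(sha256_manifest) if sha256_manifest and os.path.exists(sha256_manifest) else {}
    results = {}
    for rel in sorted(set(md5) | set(sha)):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
            continue
        with open(full, "rb") as fh:
            data = fh.read()
        if rel in sha:  # strong digest available: never consult md5 for this file
            results[rel] = "ok-sha256" if digest(data, "sha256") == sha[rel] else "mismatch"
        else:           # transitional fallback, reported as such
            results[rel] = "ok-md5-only" if digest(data, "md5") == md5[rel] else "mismatch"
    return results


def demo():
    """Build the constructed tree with a full md5sums and a partial sha256sums,
    then tamper with one file and delete another before verifying."""
    root = tempfile.mkdtemp()
    for rel, data in SAMPLE_FILES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    md5_path = os.path.join(root, "md5sums")
    sha_path = os.path.join(root, "sha256sums")  # assumed name for the new manifest
    write_manifest(md5_path, "md5", SAMPLE_FILES)
    # Only two files have migrated to sha256 so far; README and the man page are md5-only.
    write_manifest(sha_path, "sha256", {k: SAMPLE_FILES[k]
                                       for k in ("usr/bin/hello", "usr/lib/hello/plugin.so")})
    with open(os.path.join(root, "usr/lib/hello/plugin.so"), "ab") as fh:
        fh.write(b"tampered\n")
    os.remove(os.path.join(root, "usr/share/man/man1/hello.1"))
    return verify_tree(root, md5_path, sha_path)


if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:12s} {rel}")
```

Because the status for each file says which digest was actually checked, the md5-only count can be watched going to zero during the transition and then made a hard failure; a verifier that only reports pass/fail hides exactly the information needed to know when md5 can be dropped.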
