Does USM test the hashsums, and will the hashsums be verified by certificates from Slackware?
Does some mechanism exist to verify some important users?
For example, how can I be sure that brokenman is the real brokenman?
For example, the real brokenman died of polonium intoxication or is on holiday in Guantanamo.
And some security-service guy finds your Porteus account and foists on me a virus that deletes my porn collection;
this would be crap.
Test USM the hash ?
- brokenman
- Site Admin
- Posts: 6105
- Joined: 27 Dec 2010, 03:50
- Distribution: Porteus v4 all desktops
- Location: Brazil
Re: Test USM the hash ?
At the moment USM does not verify hashsums. It only uses the existing well known slackware repositories so it is as secure as the slackware repositories themselves. While I can assure you I am the real brokenman and have not overdosed on any hallucinogen, I can not speak for the maintainers of the slackware packages. There are certainly many attack vectors if you consider the examples you gave, but should I wake up in Guantanamo one morning I will use my one phone call to notify USM users. As for the porn collection ... backup, backup and backup.
How do i become super user?
Wear your underpants on the outside and put on a cape.
-
- Samurai
- Posts: 134
- Joined: 18 Sep 2012, 20:56
- Distribution: Porteus 64bit KDE4
- Location: Absurdistan
Re: Test USM the hash ?
"While I can assure you I am the real brokenman"
says the copy of brokenman?
But I have no choice, I must trust you.
But generally I think it is good for users to have public GPG keys;
then there is a theoretical possibility to verify the work.
OK, I think if this were real, then the copy of brokenman would say that the key was lost and
here is the new key, and I would trust it then because I do not want to miss Porteus.
Therefore, I trust that you will inform the community from Guantanamo if this becomes real.
"There are certainly many attack vectors"
No, the only one that is a real danger is malware in an important module,
or have you seen a virus that infects a read-only CD or an ejected USB stick?
I think another good method, when booting from HDD, is the use of the mopt=noatime,nodiratime,suid,dev,exec,async,ro cheatcode,
and one module should not be copy2ram, so it is not possible to remount the boot partition.
Or am I wrong there?
What I mean to say is Porteus is very secure (or you can say it is secure) from outside.
But when the enemy comes from inside, then there is not even a second line of defense.
-
- Full of knowledge
- Posts: 2564
- Joined: 25 Jun 2014, 15:21
- Distribution: 3.2.2 Cinnamon & KDE5
- Location: London
Re: Test USM the hash ?
But that's the case all around. When one uses apt-get, it's also risky. Could be a mole in Debian, have someone slip an innocuous looking module into usr/bin or usr/lib, and Bob's your uncle, or at least Uncle Sam
Linux porteus 4.4.0-porteus #3 SMP PREEMPT Sat Jan 23 07:01:55 UTC 2016 i686 AMD Sempron(tm) 140 Processor AuthenticAMD GNU/Linux
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB
- brokenman
- Site Admin
- Posts: 6105
- Joined: 27 Dec 2010, 03:50
- Distribution: Porteus v4 all desktops
- Location: Brazil
Re: Test USM the hash ?
Yes Bogomips. While we are building a distro from precompiled upstream sources, security is at best just an illusion. A nice warm blanket that we wrap ourselves in and tell ourselves we are safe. To cite an example just look at the bash bug, badbios and the openssl debacle from a few months ago. Some pretty baseline attack vectors lying within some fundamental packages went unnoticed for years. I do plan to implement the GPG checks in USM in the future if it makes users feel safer.
How do i become super user?
Wear your underpants on the outside and put on a cape.