What Are the Security Implications of not Completely Signing Database?

Hello everyone,
What are the security implications of not completely signing the database?
From http://www.archlinux.org/pacman/ ,
The following quote implies that the database exists merely just in case hand tweaking is necessary:
maintains a text-based package database (more of a hierarchy), just in case some hand tweaking is necessary.
However, considering that there are cases that pacman's local database needs to be restored, there are implications that the database is essential for pacman to function properly.
From https://wiki.archlinux.org/index.php/Ho … l_Database :
Restore pacman's local database
Signs that pacman needs a local database restoration:
- pacman -Q gives absolutely no output, and pacman -Syu erroneously reports that the system is up to date.
- When trying to install a package using pacman -S package, and it outputs a list of already satisfied dependencies.
- When testdb (part of pacman) reports database inconsistency.
Most likely, pacman's database of installed software, /var/lib/pacman/local, has been corrupted or deleted. While this is a serious problem, it can be restored by following the instructions below.
I know that all official packages (from core, extra, community, etc.) are signed so that all files should be safe, but I'm just paranoid.
What if the database was hacked?  Will this lead to installation of harmful software?
Sincerely,
Cylinder57
Last edited by Cylinder57 (2012-10-15 03:42:31)

Cylinder57 wrote:
From this quote:
Allan wrote: But, the OP (also?) talks about the local package database on his computer.  That is not signed at all as there is no point.  If someone can modify that, then they can regenerate the signature, or just modify any other piece of software on your computer.
Is it going to be easy for anyone other than the authorized user to modify the local package database?
Allan basically answered that with the quote above already as I understand it. Someone who has access to the installation, e.g. is able to chroot into your PC via USB, is not held back by any ACLs. However, modifying the local database only makes limited sense because the packages are already installed. Pacman would only recheck if you re-install a package. The only really relevant attack vector for the package database is
(1) installing an older package with a vulnerability,
(2) replacing the up-to-date package sig in the local database with the older one and
(3) modifying the system, e.g. via pacman.conf excludes, to not update that.
then also re-installing would not create a sig-error and you get stuck with the bogus old package.
With a signed database this would not be possible. However, as Allan wrote earlier also with a signed database that criminal can manually install (totally leaving pacman & package cache) whatever it needs in this scenario. So, if you are -really- paranoid about that, you probably want to spend (a lot of configuring) time with something like the "aide" package.
Cylinder57 wrote:
And, are the following statements correct:
If the repository databases are modified, the hacker might be able to modify the packages on the server (Considering that if someone can modify the local package database, that person can modify any other piece of software on that particular computer.)
However, pacman won't let users install the modified packages (due to package signing,) unless at one person with access is bribed (at least, for an individual package.)
I don't know the intricacies of the server infrastructure - only saw they have great names :-), but I am pretty certain your statements assume that correctly. It is pretty unlikely that someone able to modify the central repository database fails at placing a bogus package for shipping with those access rights at this time. Yet it does no harm not to post any details of such a scenario here imo. In any case: A compromised mirror would be enough for that - and easier to achieve (hacked anywhere or e.g. in a non-democratic state). Plus you also answered it yourself. The keys are key for our safety there. Which keeps me hoping that no criminal lawnmower salesmen frequent the Brisbane area.
As you put up a thread about this, one question you can ask yourself is:
Have you always checked on updates new signature keys which pacman asks about? If you ever pressed "accept/enter" without checking them out-of-band (e.g. the webserver), that compromised mirror database might have just created a "legitimate" key .. user error, but another attack vector the database signing would catch.
edit: Re-thinking the last paragraph just after posting, I now believe it would not be that easy as implied - simply because the bogus key is not trusted by one of the master keys. The pacman pgp trust model should catch that without database signing. At least it would if only the official repositories are activated, but that's a pre-requisite to the whole thread.
Last edited by Strike0 (2012-10-20 23:01:26)
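
An added example, not part of the forum posts or of pacman: a baseline-and-compare check in the spirit of the "aide" suggestion, applied to the three-step scenario in the post above (older entry swapped into the local database, package held back in pacman.conf). It assumes the local database layout of one directory per package containing a `desc` file; the function names and the sample package names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def parse_desc(text):
    """Parse a local-DB 'desc' file: %FIELD% header, value lines, blank line."""
    fields, key = {}, None
    for line in text.splitlines():
        if len(line) > 2 and line.startswith("%") and line.endswith("%"):
            key = line[1:-1]
            fields[key] = []
        elif line and key is not None:
            fields[key].append(line)
        else:
            key = None
    return fields


def snapshot(local_db):
    """Map package name -> (version, SHA-256 over every file in its entry)."""
    snap = {}
    for desc in sorted(Path(local_db).glob("*/desc")):
        fields = parse_desc(desc.read_text(errors="replace"))
        digest = hashlib.sha256()
        for f in sorted(p for p in desc.parent.iterdir() if p.is_file()):
            data = f.read_bytes()
            digest.update(f"{f.name}\0{len(data)}\0".encode() + data)
        name = (fields.get("NAME") or [desc.parent.name])[0]
        snap[name] = ((fields.get("VERSION") or ["?"])[0], digest.hexdigest())
    return snap


def compare(baseline, current):
    """List (package, finding) pairs for every difference from the baseline."""
    findings = []
    for name in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(name), current.get(name)
        if old is None or new is None:
            findings.append((name, "added" if old is None else "removed"))
        elif old[0] != new[0]:
            findings.append((name, f"version {old[0]} -> {new[0]}"))
        elif old[1] != new[1]:
            findings.append((name, "entry modified, version unchanged"))
    return findings


def ignored_packages(conf_text):
    """Names held back from upgrades by IgnorePkg/IgnoreGroup in pacman.conf."""
    names = []
    for line in conf_text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep and key.strip() in ("IgnorePkg", "IgnoreGroup"):
            names.extend(value.split())
    return names


def demo():
    """Constructed two-package database; one entry is swapped for an older one."""
    with tempfile.TemporaryDirectory() as tmp:
        def put(name, ver):
            entry = Path(tmp) / f"{name}-{ver}"
            entry.mkdir(exist_ok=True)
            (entry / "desc").write_text(f"%NAME%\n{name}\n\n%VERSION%\n{ver}\n\n")
        put("examplelib", "2.0-1")
        put("exampletool", "1.4-2")
        baseline = snapshot(tmp)
        (Path(tmp) / "examplelib-2.0-1").rename(Path(tmp) / "examplelib-1.9-3")
        put("examplelib", "1.9-3")  # constructed rollback of the entry
        return compare(baseline, snapshot(tmp))
```

The baseline is only useful if it is refreshed after every legitimate pacman transaction and stored where root on the same machine cannot rewrite it, since anyone able to edit the local database can edit a baseline kept beside it.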

Similar Messages

  • What are the security implications of having JAVA running on my Mac Book Pro?

    What are the security implications of having JAVA running on my Mac Book Pro?

    Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
    Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
    Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
    Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.

  • What are the security settings to lock down a form with fillable fields and yet allow someone with Reader to fill in the fields as well as save the form and print it?

    What are the security settings to lock down a form with fillable fields and yet allow someone with Reader to fill in the fields as well as save the form and print it?

    You want to allow someone to open your document and fill out the form (in the fields you have created), but not change or edit the form, right? Here's the answer - assuming you are using Acrobat Pro and someone will be opening the PDF using at least Acrobat Reader 9 and up:
    Tools > Protection > Encrypt > Encrypt with Password
    Answer YES to change the security.
    A new window opens:
         Do NOT select Document Open (or that will require a password to open the document.)
         Select: Permissions (Check the box next to "Restrict editing and printing of the document.")
         Change the following 2 settings from the drop-down box:
              Printing Allowed: Select High Resolution
              Changes Allowed: Select Commenting, filling in form fields, and signing signature fields
              Leave selected: "Enable text access for screen reader devices for the visually impaired"
              Change Permissions Password (insert a strong password)
              Leave all other settings alone in "Options"
              OK - OK
              Re-enter the Permissions Password (the one you entered above)
              OK - OK
              Save the PDF to apply the security [notice that (SECURED) will appear after the document title]

  • What are the security risks for opening port 80 on workstations?

    Hello all,
    in our environment, there is an application which open port 80 on workstations when installed, but it is not allowed on perimeter FW
    could you please advise what are the security risks for leaving port 80 opened on the workstations? or it is considered secure unless it is not allowed on the perimeter FW?
    thanks a lot & regards

    Hi R.Naguib.
    The 80 port is open by default through the firewall on Windows system, it is used by a http protocol by a browser.
    As for the network or hardware Firewall settings, I suggest to turn to the network administrator for details.
    Regards
    Wade Liu
    TechNet Community Support

  • What are the security post refresh procedures in general?

    Hi,
    Can anyone list me out What are the security post refresh procedures in general?
    Thanks and Regards,
    Damanaidu J

    >
    Damanaidu jawaharlal wrote:
    > Hi,
    >
    > Can you cite with respect to CUA.
    >
    > Thanks and Regards,
    > Damanaidu J
    CUA
    ====
    CUA behaves differently during a system/client copy and this is the approach we took and it was successful.  The goal is to take a backup of the source before CUA deletion then restore. Do not delete CUA and just attempt to rebuild it, all the roles will be gone.  Backup and restore will be the approach I recommend.
    a1.  Take a snap shot of your QA user and role assignments before copy.
    1.  (Basis) First make a backup of the source system.  This is important before step 2.
    2.  After successful backup delete the CUA from the source system. 
    3.  After successful copy to target system, restore backup to source system.
    4.  Depending how the copy was done, users and passwords should be in the target system but all the role assignments will be gone. 
    5.  Start assigning roles based on your requirements.  If you need to restore the old QA settings that is captured in a1.
    Perhaps others can add in other steps I might have missed.
    Good Luck!

  • What are the differences of creating a physical standby database with ASM?

    I want to create a physical standby database for my 10g(10.2.0.1) database. But it is using ASM. Is it possible to create a standby database for a database using ASM?
    What are the differences of creating a physical standby database with ASM?

    tell us what your research shows and we'll try to
    validate it. I am simulating Oracle ASM on a PC and I want to try
    DataGuard on it now. So I am trying to create DataGuard
    on an ASM system. The purpose is only learning and test.
    That's telling us how you are researching, not what you have observed.
    Your research could have included looking at the documentation, and you might have found http://download.oracle.com/docs/cd/B19306_01/server.102/b14239/scenarios.htm#sthref1642
    which discusses exactly what you are looking for.
    Message was edited by:
    Hans Forbrich

  • What are the steps applying incremental backups to standby database 11g

    Hi All,
    I have built 11g none ASM standby database from ASM RAC Database. Now I want to apply incremental backup to the standby database from primary but not sure how to do it. I tried following and I had an error “ORA-01103: database name 'ins-prim' in control file is not 'ins-sec'”
    1- I have configured standby database with RMAN backup.
    2- After finishing installation, I took an incremental backup from primary server(ins-prim) and moved incremental backup and control file to the standby (ins-sec) database
    3- I started standby database nomount mode
    4- restore controlfile from “incremental backup location in standby database”
    5- alter database mount; and got this error
    “ORA-01103: database name 'ins-prim' in control file is not 'ins-sec'”
    What are the steps applying incremental backups to standby database with 11g?
    Thank you

    I build the database from backup and changed from ASM to none ASM and changed location of data files and logfiles. I think this changes makes the standby database as logical one.
    You can a have a physical standby with different locations for everything (redo/controlfiles/datafiles), ASM and no ASM etc. I have a such a configuration in production (10gR2)
    I build the database from backup
    Are you sure you have a standby ? Ins-sec receives the archivelog files from the primary ? How did you proceed to build this database ? I suspect you don't have a standby at all ! If you have duplicated the database ins-sec and ins-pri are independent databases and you won't be able to apply an incremental backup (your script was not correct but it is another story)

  • Is Firefox available for use in a Citrix environment, what are the licensing implications

    Is Firefox available for use in a Citrix environment, what are the licensing implications

    Licensing is easy: the [http://www.mozilla.org/MPL/2.0/ Mozilla Public License] is free and open. Naturally, it contains the customary disclaimers and limitations.
    Implementation might be more of a challenge because Firefox presumes certain things about the system.
    I suggest joining the Enterprise Working Group Mailing List to connect with an audience of corporate implementers on this issue and search the list archives.
    * http://www.mozilla.org/firefox/organizations/
    * https://mail.mozilla.org/listinfo/enterprise
    If you find other good resources, would you mind contributing them back to this thread? Thanks.

  • What are the differences between Oracle and other NoSQL database

    Hi all,
    I would like to know what the differences between Oracle and other NoSQL database are.
    When and why should we use Oracle?
    Is Oracle NoSQL database link with Big Data Appliance?
    Can we use map-reduce on a single personal computer? How should we install Oracle NoSQL database to use map reduce on a single personal computer?
    Do we also have eventual consistency with Oracle NoSQL database? Can we lose data if master node fails?
    Are transactions ACID with Oracle NoSQL database? How can we prove it?
    Thanks.

    893771 wrote:
    > Hi all,
    > I would like to know what the differences between Oracle and other NoSQL database are.
    > When and why should we use Oracle?
    I suggest that you start here:
    http://www.oracle.com/technetwork/database/nosqldb/overview/index.html
    > Is Oracle NoSQL database link with Big Data Appliance?
    Yes, Oracle NoSQL Database will be a component of the Big Data Appliance.
    > Can we use map-reduce on a single personal computer? How should we install Oracle NoSQL database to use map reduce on a single personal computer?
    Yes, I believe you can run M/R on a single computer. Consult the various pieces of documentation available on the web. You may run Oracle NoSQL Database on the same computer that you are running M/R on, but it is likely that they will compete for CPU and IO resources and therefore performance may suffer.
    > Do we also have eventual consistency with Oracle NoSQL database?
    Yes.
    > Can we lose data if master node fails?
    If you run Oracle NoSQL Database with the default (recommended) durability settings, then if the master fails, a new one will be elected and data is not lost.
    > Are transactions ACID with Oracle NoSQL database? How can we prove it?
    Yes, each operation is executed in an ACID transaction. The API has the concept of "multi" operations which allow the caller to perform multiple operations on sets of records with the same major key, but different minor keys. Those operations are also performed within a transaction.
    Charles Lamb

  • What are the expected implications in implementation of Fund Management.

    Dear All,
    We are in the live Environment of ECC 6.0, currently we have FICO and HR module Implemented. we have been gone live since January 2007.
    In FI, we have GL, AR, AP, Fixed Assets. Banking, IM and PS.In treasury we have loan management and Time deposits. In controlling we have Cost Center Accounting, Cost Element Account, Internal orders and some parts of COPA.
    Currently MM and PM Implementation is going on, now we are thinking to implement Fund Management to control the budget. (our objective is to control Operational budget)
    Can any body guides us with respect to the followings:
    what can be the impact of Implementing Fund Management in Live Environment? (Please be noted we are using New GL Functionality as well).
    How it effects the cost cycles? (we have series of complex Cost Cycles)
    Any other impact of Implementing Fund Management?
    Regards,


  • What are the SEO implications of personalization/teasers?

    It seems like the AJAX loading of personalized content would be potentially a problem for SEO. Are there any best practices around this? The client is using v5.4 but looking at upgrading to 5.6 - are there any changes in the newest versions that would affect this?
    Thanks

    Hi Joel,
        AFAIK with 5.5 onwards teaser component deliver default teaser without Javascript & with JavaScript enabled the target spot getting replaced with the personalized content.  With this search engine google indexes the page with rest of contents(heading) in your page & should not impact seo. There might be FP for this for 5.4 In case not you can request for the same through daycare.
    Thanks,
    Sham
    @adobe_sham
    http://aemfaq.blogspot.com/

  • What are the performance implications moving apps using cloud drive to Azure File Services?

    I run a number of cloud services with 5 or more nodes in using cloud drives. Cloud drive is scheduled to be deprecated in 2015. So I am thinking of replacing the cloud drive with Azure Files service.
    For each cloud service I am using one storage account to create all the the VHD/cloud drives. Some people at the time when cloud drive first appeared, told me that to get better performance, I should create only one VHD/Cloud Drive
    under only one storage account. For example, if I have five instances under a worker role then I should create 5 storage accounts and create one VHD/Cloud Drive under each storage account to be used by each node. I didn't follow that route because I was satisfied
    with the performance of the apps under cloud services having all VHD/Cloud Drives under one storage account.
    My question is, if I replace cloud drive with Azure file services, will my apps perform well having all shares under one storage account or create one storage account for each share?
    Thanks,
    @nazik_huq

    Thanks Obama for replying.
    Here is the comment from @jaiharidas of MSFT if anyone's interested:
    @Naziq, It is better to have multiple shares under single storage account and there is no perf implications. However, please ensure that your ingress/egress and request/sec is within
    the limits of a single storage account (see msdn.microsoft.com/.../dn249410.aspx)
    and use multiple storage accounts if you need to scale beyond the limits.
    See the original comment  on Azure Storage Team here: http://ow.ly/ChPNf 
    @nazik_huq

  • What are the security options

    How can I have my mac air require a log in when opening it.

    Try System Preferences > Users & Groups > Login Options and turn off automatic Login. You then use your Admin Password to log in.
    Cheers
    Pete

  • The web developer toolbar wont load on my computer, what are the possible solutions?

    when i click to download the toolbar now, firefox refreshes as it should be nothing happens.
    maybe i dont see the toolbar? i cant find it.
    what are the possible reasons its not downloading and what can i do?

    Hey lydiabat10,
    Thanks for using Apple Support Communities.
    Looks like the iPhone won't allow explicit content on it. One thing you may want to look at is the Restrictions.
    iOS: Understanding Restrictions (parental controls)
    http://support.apple.com/kb/HT4213
    Have a nice day,
    Mario

  • My 4th gen 32gb iPod touch recently crashed for more than 12 hours during which time it was completely unresponsive. This is not the first time it has crashed but by far the longest time it has been unresponsive. What are the likely causes of this?

    I don't regularly use any apps beyond Windows Live, Facebook, Skype etc. but app crashes are becoming frequent and this recent blackout was disturbing. What are the potential causes of this and how can I avoid them in the future?

    it's weird, your device is not jailbroken and it crashes? my device is jailbroken and i almost have the same problems.
    look, to avoid these problems:
    1- don't open too many apps, and if you do, close them by multitasking menu.
    2- try sometimes to turn off and on your device, it's like refreshing (called "respringing" in jailbroken devices).
    if you have the same problem, see an apple specialist.
    plz mark as helpful question.
    thanks.
