[ previous ] [ next ] [ threads ]
 
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Bosse Timothy <Bosse dot tf at mellon dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] [Feature Request] md5sum check for Images
 Date:  Tue, 10 Feb 2004 20:17:38 +0100
Bosse Timothy wrote:

> Would it be possible to add a feature to m0n0wall that would do an md5
> check on the image that was uploaded to m0n0wall before upgrading the
> system?  Perhaps something that would check based on the file name that
> was uploaded, cross-reference it with md5sums on the site.  If the file

Why do you think that's necessary? It should detect corrupted images 
because it checks to make sure that gunzip doesn't fail on them before 
installing (CRC). That doesn't protect against compromised images of 
course, but I don't think we're far enough that we have to worry about 
this yet. :)

I might consider compiling m0n0wall's PHP version with OpenSSL support 
and then do real public-key based verification of the images. That would 
also eliminate the need for network connectivity to check the 
authenticity of an image.

- Manuel