[sudo-users] Checksum for executed scripts
Shawn McMahon
syberghost at gmail.com
Tue Aug 20 08:18:26 MDT 2013
I would think scripts would be a worst-case scenario for MD5, since it's no
longer sufficiently difficult to create collisions. A properly-crafted
series of comments could make any script share the MD5 hash of any other
script. You would want SHA instead.
...and then as I was typing this, Todd replied with how to do that. :)
On Tue, Aug 20, 2013 at 8:20 AM, Oracle.Beratung at t-online.de <
oracle.beratung at t-online.de> wrote:
> Hello,
>
> for some reasons I would like to have an MD5 checksum for scripts executed
> by sudo to be able to check that scripts executed via sudo but created by
> others contain what they have to contain.
>
> For example root.sh for Oracle installations.
>
> Because those scripts could be used as a backdoor to execute whatever
> someone wants as root user to make himself a superuser.
>
> A checksum would be a nice feature to make this safer.
>
>
>
> Mit freundlichem Gruß
> Gerald Röhrbein
> OraForecast.com the oh in Oracle
> Alter Fährberg 9
> 24814 Sehestedt
>
> Tel.: 0171 68 236 71
> Privat.: 04357 99583 76
> Fax: 04357 99583 79
>
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
More information about the sudo-users
mailing list