Date: Mon, 30 Dec 2002 20:30:03 -0800 (PST)
Message-Id: <200212310430.gBV4U31t066649@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: "Sergey N. Voronkov"
Subject: Re: bin/46629: md5 checking is a PITA.

The following reply was made to PR bin/46629; it has been noted by GNATS.

From: "Sergey N. Voronkov"
To: Mike Meyer
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/46629: md5 checking is a PITA.
Date: Tue, 31 Dec 2002 09:29:16 +0500

On Mon, Dec 30, 2002 at 08:31:08AM -0000, Mike Meyer wrote:
> >Description:
> Checking md5 checksums is an error-prone process.
> >How-To-Repeat:
> Download something that includes the output of md5 as a CHECKSUMS
> file. Notice that to confirm the checksum requires verifying the
> rather long and unpatterned checksum string by eye.
> >Fix:
>
> md5 should have a "-c file" option, which expects the output of md5 to
> be in file, and confirms that the files listed in "file" exist and match
> the associated checksums.
>
> Yes, this requires trusting the md5 binary. On the other hand, very few
> things one is interested in downloading don't require trusting some
> system utility, like the c compiler. So this is at worst a marginal change
> in the security given by the md5 checksums to start yes.
>
> Yes, this is trivial to script. It shouldn't be required of every user.
>
> Finally, FWIW, I have an Eiffel version of md5 that implements the
> -c option, but is missing the standard options of md5. It's available
> on request.
>

#cd /var/ftp/pub/FreeBSD/releases/i386/4.7-RELEASE-p2/bin/
#md5 [a-z]* | diff - CHECKSUM.MD5

Looks like verifying is simple with current version. :-))

Serg N. Voronkov,
Sibitex JSC.
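
The check that the proposed "-c file" option describes, as an added example that is not part of the original thread and is not FreeBSD's md5 code. It parses BSD md5 output lines and labels missing files and malformed lines explicitly instead of leaving them to be read out of diff output; check(), demo() and the sample file names are assumptions made for the example.

```python
import hashlib
import os
import re
import tempfile
# One line of BSD md5(1) output: "MD5 (filename) = <32 hex digits>"
BSD_LINE = re.compile(r"^MD5 \((.+)\) = ([0-9a-fA-F]{32})$")

def md5_of(path, bufsize=65536):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(bufsize), b""):  # hash in chunks
            h.update(chunk)
    return h.hexdigest()

def check(checksum_file):
    """Hypothetical stand-in for the proposed `md5 -c file`: {name: status}."""
    base = os.path.dirname(os.path.abspath(checksum_file))
    results = {}
    with open(checksum_file, encoding="utf-8") as f:
        for lineno, line in enumerate(f, 1):
            m = BSD_LINE.match(line.rstrip("\r\n"))
            if m is None:
                if line.strip():  # report anything that is not md5 output
                    results[f"line {lineno}"] = "MALFORMED"
                continue
            name, want = m.group(1), m.group(2).lower()
            path = os.path.join(base, name)  # names are relative to the list
            if not os.path.isfile(path):
                results[name] = "MISSING"
            else:
                results[name] = "OK" if md5_of(path) == want else "FAILED"
    return results

def demo():  # constructed sample: one intact, one altered, one absent, one bad line
    with tempfile.TemporaryDirectory() as d:
        lines = []
        for name, data in (("bin.aa", b"first\n"), ("bin.ab", b"second\n")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
            lines.append(f"MD5 ({name}) = {hashlib.md5(data).hexdigest()}")
        lines += ["MD5 (bin.ac) = " + "0" * 32, "bin.ad 1234"]
        with open(os.path.join(d, "CHECKSUM.MD5"), "w", encoding="utf-8") as f:
            f.write("\n".join(lines) + "\n")
        with open(os.path.join(d, "bin.ab"), "ab") as f:
            f.write(b"x")  # alter the file after its checksum was recorded
        return check(os.path.join(d, "CHECKSUM.MD5"))

if __name__ == "__main__":
    print(demo())
```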