Bug 1027 - Verify checksums of client binaries at startup
Summary: Verify checksums of client binaries at startup
Status: CLOSED WONTFIX
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Client
Version: trunk
Hardware: PC Linux
Importance: P2 Enhancement
Target Milestone: 4.18.0
Assignee: Bugzilla mail exporter
Reported: 2005-01-03 09:50 CET by Erik Forsberg
Modified: 2024-09-03 13:31 CEST

Description Erik Forsberg cendio 2005-01-03 09:50:14 CET
One problem now on the rise in the world is trojaned ssh binaries that report
every (hostname, username, password) combination to some malicious host, often
via DNS. This way, one infected system leads to a lot of other infected systems.

There has been at least one occasion when the putty downloadable from
download.com has been a spyware-installing version.

The risk of an infected ssh binary being used by tlclient is not high, since we
ship and use our own binaries, but it could happen. 

We could protect ourselves (and more importantly, our customers) from this by
checking the checksum of the ssh binary being used before using it.

This would not only give some protection, but it would also give our customers
another signal that ThinLinc cares about security.
Comment 3 Pierre Ossman cendio 2024-09-03 13:31:01 CEST
The security of this is dubious, as if you can modify some parts of tlclient, you should be able to also modify this check of binaries. We also haven't seen any user demand for this.
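
The startup check proposed in the description, written out as an added example (not ThinLinc code and not part of this bug thread). The file name, sample contents and pinned digest are constructed; as comment 3 points out, the pinned digest and the check itself live alongside the binary they cover.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_fd(fd: int) -> str:
    """Hash the file behind an already-open descriptor, from offset 0."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    while block := os.read(fd, 65536):
        digest.update(block)
    return digest.hexdigest()


def open_verified(path: str, expected_sha256: str) -> int:
    """Return a read-only fd for path if its SHA-256 matches, else raise.
    The caller runs the fd itself (os.execve(fd, ...) where supported), so
    the bytes executed are the bytes hashed, with no swap window."""
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        actual = sha256_of_fd(fd)
        if not hmac.compare_digest(actual, expected_sha256.lower()):
            raise ValueError(f"checksum mismatch for {path}: got {actual}")
    except BaseException:
        os.close(fd)
        raise
    return fd


def demo() -> tuple:
    """Constructed sample: a stand-in file, verified, then tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ssh")  # stand-in, not a real ssh binary
        original = b"constructed stand-in for the shipped ssh binary\n"
        with open(path, "wb") as f:
            f.write(original)
        pinned = hashlib.sha256(original).hexdigest()  # assumed to ship with the client
        os.close(open_verified(path, pinned))  # unmodified file passes
        with open(path, "ab") as f:
            f.write(b"tampered")
        try:
            os.close(open_verified(path, pinned))
            return (True, False)
        except ValueError:
            return (True, True)  # modified file is rejected
```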
