Bug 1027 - Verify checksums of client binaries at startup
Summary: Verify checksums of client binaries at startup
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Client (show other bugs)
Version: trunk
Hardware: PC Linux
: P2 Enhancement
Target Milestone: MediumPrio
Assignee: Pierre Ossman
Depends on:
Reported: 2005-01-03 09:50 CET by Erik Forsberg
Modified: 2016-05-02 11:10 CEST (History)
0 users

See Also:
Acceptance Criteria:


Description Erik Forsberg cendio 2005-01-03 09:50:14 CET
One problem now on the rising in the world is trojaned ssh binaries that report
every (hostname, username, password) combination to some malicious host, often
via DNS. This way, one infected system leads to a lot of other infected systems.

There has been at least one occasion when the putty downloadable from
download.com has been a spyware-installing version.

The risk of an infected ssh binary being used by tlclient is not high, since we
ship and use our own binaries, but it could happen. 

We could protect ourselves (and more importantly, our customers) from this by
checking the checksum of the ssh binary being used before using it.

This would not only give some protection, but it would also give our customers
another signal that ThinLinc cares about security.

Note You need to log in before you can comment on or make changes to this bug.