Author: Jorge Timón 2014-01-03 18:21:17
Published on: 2014-01-03T18:21:17+00:00
On January 3, 2014, Troy Benjegerdes expressed concern about the potential for an attacker to replace a portion of a makefile. He suggested that "make" should check the hash to prevent such an attack. However, he acknowledged that this suggestion was more relevant for compiled binaries than for those downloading source code who likely use git.In response to another suggestion that a binary should check its own hash, Benjegerdes indicated that this was not possible. However, there are package management systems like apt-secure that can check the hash of software packages at the operating system level.
Updated on: 2023-06-07T22:03:05.509341+00:00