How to verify a package that requests sudo password?

Question

RikTelner 20 Posting Pro in Training

9 Years Ago

I installed Qt, again, on new installation of Ubuntu. It asked me for sudo password, which is not strange since it wants to write it's data in kind of restricted environment. But what if some cracker, has embedded a virus and went of distributing working software from trustworthy company, but when you start it, it also starts sequence of things that you don't want on your computer?

On Windows there was a verification, that whenever program asks you for administrator permission, you could kind of see that the installation file is trustworthy because not a single byte has been changed, the "Author: Google Inc." and block is colored blue, not yellow. Is there a way to have same in Linux? I don't need boxes and button pressing, but is there a way to verify "is current running process that of which name I know, unchanged official redistributed installation file?".

I know I could check checksums, but, not every software developer is giving you official checksums and it also kind of takes time. Is there a way to verify running application that asks me for sudo password?

ubuntu

3 Contributors
4 Replies
246 Views
3 Days Discussion Span
Latest Post 9 Years Ago Latest Post by RikTelner

rubberman 1,355 Nearly a Posting Virtuoso

9 Years Ago

So, use sudo to change to root: sudo su -
Then, install the package. No passwords will be sent to any malware as a result. Checksums are good, and I think that Qt will provide those if you need.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

RikTelner 20 Posting Pro in Training · Answer 1 · 2015-04-01T12:28:42+00:00

So, use sudo to change to root: sudo su -

?, it requested plain password, program gave me pop-up and asked me for sudo password.

Checksums are good, and I think that Qt will provide those if you need.

And in case I would need to download software from verified app developer, but doesn't provide checksums? Is there way to verify it?

Slavi 94 Master Poster Featured Poster · Answer 2 · 2015-04-01T12:44:10+00:00

I would doubt it if they don't provide at least md5 checksums

or do you mean how to find the checksum of the downloaded file? In this case md5sum is a command line utility to do that, should be inbuilt in ubuntu

RikTelner 20 Posting Pro in Training · Answer 3 · 2015-04-03T20:21:54+00:00

Okay, off with MD5 checksums, we're off to a wrong direction. The original question is:

"How to verify a package that requests sudo password?"

Forget everything I said about checksums.