On Thu, Jul 9, 2009 at 5:59 PM, Till Maas <opensource@xxxxxxxxx> wrote:
Strange enough this authorative refs, imho, not cited prelink as a security feature
for aslr :=)
http://www.awe.com/mark/blog/200801070918.html
Btw, the reality is more complex this days. Details omitted, this is not a security mailing list.
Regards
On Thu July 9 2009, yersinia wrote:You pay a security prize if you disable prelink, because it also performs
> But something one have to pay a security prize on not disabling it : it
> render impossible to have a
> centralizzated security integrity management (e.g. rfc.sf.net for example)
> or one have to skip from check the prelink binary. Very bad i think.
address space randomization:
http://lwn.net/Articles/190139/
Strange enough this authorative refs, imho, not cited prelink as a security feature
for aslr :=)
http://www.awe.com/mark/blog/200801070918.html
Btw, the reality is more complex this days. Details omitted, this is not a security mailing list.
Regards
Btw. you can also patch the remote integrity checker to use prelink to either
get a checksum of the perlinked binary or undo the prelinking before checking
it.
Regards
Till
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
