Re: Eternal 'good file hashes' list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2009-10-20 at 10:45 +0200, Ralf Ertzinger wrote: 
> Hi.
> 
> On Tue, 20 Oct 2009 10:20:17 +0200, Tomas Mraz wrote:
> 
> > What would this be good for? Actually for some files it would be a
> > known bad file hashes because these files (binaries or scripts) would
> > contain known vulnerabilities and so knowing that you have a file
> > that was once included in Fedora does not guarantee you almost
> > anything.
> 
> I'm not sure I follow you here. Containing a known vulnerability in a
> binary file has nothing to do with the hash.

I simply meant that if the attacker wanted to compromise your system he
could just revert some binary or script to a vulnerable version which
was previously included in Fedora. So having the files on your system to
match hashes from older package releases does not provide you any
security. For a real security you need to match the hashes against
current package versions.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux