On Fri, 2010-01-22 at 17:08 +0100, Martin Langhoff wrote: > On Fri, Jan 22, 2010 at 5:04 PM, Tomas Mraz <tmraz@xxxxxxxxxx> wrote: > > No, it does not prevent malicious attacker from subverting the > > executable. The integrity check prevents just inadvertent modification > > of the executables/libraries which contain the certified code. > > Like prelink? ;-) Yes, for example. That's why prelink must be disabled when the machine is running in the FIPS compliant mode. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel