On Tue, Sep 02, 2008 at 11:07:45AM -0200, Thomas M Steenholdt wrote: > Bill Crawford wrote: >> Thomas M Steenholdt wrote: >>> I wasn't even aware that prelinking actually changed the files. Isn't this kind of dangerous from a system-integrity point-of-view. How can we ever validate binaries if they are modified on purpose? >> >> With "prelink --verify" ? >> > > I can't see how that would actually verify that the binary has not been > modified by a rootkit or whatever? rpm -V should be able to detect this, > on the other hand, but how it works in conjunction with prelinking I > don't know... Another problem is that it prevents binaries from being verified from outside the machine. I've been looking at tools which verify binaries in a virtual machine, from outside the virtual machine (to ensure a high degree of integrity for the inspection tool). Same applies for AIDE (http://www.cs.tut.fi/~rammer/aide.html) if you run it from a CD-ROM or from the host on a virtual machine. Rich. -- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://et.redhat.com/~rjones/virt-top -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
