Re: wtf ... Something strips installed binaries???

On Tue, Sep 02, 2008 at 11:07:45AM -0200, Thomas M Steenholdt wrote:
> Bill Crawford wrote:
>> Thomas M Steenholdt wrote:
>>> I wasn't even aware that prelinking actually changed the files. Isn't this kind of dangerous from a system-integrity point-of-view? How can we ever validate binaries if they are modified on purpose?
>>
>> With "prelink --verify" ?
>>
>
> I can't see how that would actually verify that the binary has not been  
> modified by a rootkit or whatever? rpm -V should be able to detect this,  
> on the other hand, but how it works in conjunction with prelinking I  
> don't know...

Another problem is that it prevents binaries from being verified from
outside the machine.  I've been looking at tools which verify binaries
in a virtual machine, from outside the virtual machine (to ensure a
high degree of integrity for the inspection tool).  Same applies for
AIDE (http://www.cs.tut.fi/~rammer/aide.html) if you run it from a
CD-ROM or from the host on a virtual machine.

Rich.

-- 
Richard Jones, Emerging Technologies, Red Hat  http://et.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
