On Thu, Jul 9, 2009 at 5:12 PM, Jakub Jelinek <[email protected]> wrote:
> On Thu, Jul 09, 2009 at 05:07:05PM +0200, yersinia wrote: > > But something one have to pay a security prize on not disabling it : it > > render impossible to have a > > centralizzated security integrity management (e.g. rfc.sf.net for > example) > > or one have to skip from check the prelink binary. Very bad i think. > > That's what prelink -y is for, it verifies the binary would prelink from > unprelinked state to bitwise same file and gives you the bits before > prelinking, which you can use for verification. > rpm -V uses this, why can't other security integrity apps do the same? > Yes I know that rpm do this. But other centralizzated integrity checker, perhaps for portability between posix platform, at max permit to skip the check - OSSSEC for example iirc do this - on prelinked binary. regards > Jakub > > -- > fedora-devel-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/fedora-devel-list >
-- fedora-devel-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-devel-list
