Sam writes: > In a sitution like this, you just *don't* ship a binary package that, > after it's installed, it scribbles all over its binary files. sendmail's /etc/aliases.db is a security-critical binary file created from user-supplied configuration data. How, pray tell, are you going to check the integrity of /etc/aliases.db? If you can verify /etc/aliases.db, why can't you verify the qmail files? The reality is that people don't verify /etc/aliases.db after a breakin. They either ignore it, leaving a perfectly adequate hiding place for intruders, or reinstall it, which is the right thing to do. ---Dan
- Re: Frivolous forking Peter C. Norton
- Re: Frivolous forking Russ Allbery
- Verifying system binarie... Rask Ingemann Lambertsen
- Re: Verifying system bin... Russ Allbery
- Re: Frivolous forking Rask Ingemann Lambertsen
- Re: Frivolous forking Scott Ballantyne
- Re: Frivolous forking Russ Allbery
- Re: Frivolous forking Vince Vielhaber
- Re: Red Hat Linux and Frivolous forki... Kai MacTane
- Re: Frivolous forking listy-dyskusyjne Krzysztof Dabrowski
- Re: System integrity verification and... D. J. Bernstein
- Re: System integrity verificatio... Peter C. Norton
- Re: System integrity verific... D. J. Bernstein
- Re: System integrity ver... Russell Nelson
- Re: System integrity ver... D. J. Bernstein
- Re: System integrity ver... Russell Nelson
- Re: System integrity ver... Dax Kelson
- Re: System integrity ver... Russell Nelson
- Re: System integrity ver... Peter C. Norton
- Re: System integrity ver... D. J. Bernstein
- Re: System integrity ver... Peter C. Norton
