On Tue, Dec 22, 1998 at 05:26:30PM -0000, Russell Nelson wrote:
> D. J. Bernstein writes:
> > If your machine has been compromised, you must reinstall. If you merely
> > verify the constant files, you are missing hundreds of security-critical
> > system-dependent files. Your suggestion, manual inspection, is absurd.
I would not want to forget, that the purpose of verifying a package/file is
not just for security. Hard disk problems can also compromise files---I'd
think that kind of danger is more likely than security breaches.
A few weeks ago, some bad blocks brought the server in our Linux lab to its
knees (WD harddrives and Linux do not get along in our lab), and after fsck
repaired the system, we used rpm's verify option to verify all packages. We
just had to reinstall two packages, and all was well. In less than an hour.
--
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis
