Re: FC12: Hidden files in /usr/bin/*

2010-02-02 Thread Tomas Mraz
On Mon, 2010-02-01 at 14:00 -0500, Toshio Kuratomi wrote: On Mon, Feb 01, 2010 at 01:38:13PM -0500, Toshio Kuratomi wrote: 1) The present packages need to be fixed. Sounds like fipscheck, hmaccalc, and openssh. They are violating the FHS which is prohibited by the Guidelines. Ralf,

Re: FC12: Hidden files in /usr/bin/*

2010-02-02 Thread Till Maas
On Tue, Feb 02, 2010 at 10:28:11AM +0100, Tomas Mraz wrote: I am sorry, but I do not see a real need for special guideline for the fipscheck checksums. The policy where these checksums should/will be placed should be decided by the fipscheck package itself. Of course I As soon as multiple

Re: FC12: Hidden files in /usr/bin/*

2010-02-02 Thread Tomas Mraz
On Tue, 2010-02-02 at 21:04 +0100, Björn Persson wrote: Tomas Mraz wrote: There is still a slight problem with the library checksums especially for the libgcrypt library which currently resides in /%{_lib}. This means that if it looks for the checksum in %{_libdir}/fipscheck the /usr

Re: '/usr/bin/[' (was RE: FC12: Hidden files in /usr/bin/*)

2010-01-25 Thread Bryn M. Reeves
On Fri, 2010-01-22 at 08:41 -0800, Cleaver, Japheth wrote: Denis Leroy what about '/usr/bin/[', part of coreutils... had never noticed this one before. -denis Isn't that simply what makes if [ (blah) ] work? It's cute isn't it? I had the biggest grin the day I realised that '['

Re: '/usr/bin/[' (was RE: FC12: Hidden files in /usr/bin/*)

2010-01-25 Thread Andreas Schwab
Garrett Holmstrom gho...@fedoraproject.org writes: On Mon, Jan 25, 2010 at 6:09 AM, Bryn M. Reeves b...@redhat.com wrote: It's cute isn't it? I had the biggest grin the day I realised that '[' was just another command.. That's the reason [[ can use special characters like and without

Re: '/usr/bin/[' (was RE: FC12: Hidden files in /usr/bin/*)

2010-01-25 Thread Bryn M. Reeves
On Mon, 2010-01-25 at 17:44 +0100, Andreas Schwab wrote: Bryn M. Reeves b...@redhat.com writes: nitpick [ may be a built in but then again (as its presence in /usr/bin implies) it may not be :). Like any other command. But unlike '[[' which is the point I was replying to. Afaik you

Re: FC12: Hidden files in /usr/bin/*

2010-01-22 Thread Przemek Klosowski
On 01/22/2010 07:53 AM, Ralf Corsepius wrote: On 01/22/2010 01:22 PM, Tomas Mraz wrote: These are checksums required by FIPS-140-2 integrity verification checks of the fipscheck and ssh binaries. I.e. package data. = These packages are non-FHS compliant and qualify as broken. I don't

Re: FC12: Hidden files in /usr/bin/*

2010-01-22 Thread Martin Langhoff
On Fri, Jan 22, 2010 at 5:04 PM, Tomas Mraz tm...@redhat.com wrote: No, it does not prevent malicious attacker from subverting the executable. The integrity check prevents just inadvertent modification of the executables/libraries which contain the certified code. Like prelink? ;-) m --

Re: FC12: Hidden files in /usr/bin/*

2010-01-22 Thread Ralf Corsepius
On 01/22/2010 04:24 PM, Przemek Klosowski wrote: On 01/22/2010 07:53 AM, Ralf Corsepius wrote: On 01/22/2010 01:22 PM, Tomas Mraz wrote: These are checksums required by FIPS-140-2 integrity verification checks of the fipscheck and ssh binaries. I.e. package data. = These packages are

Re: FC12: Hidden files in /usr/bin/*

2010-01-22 Thread Peter Robinson
On Fri, Jan 22, 2010 at 4:11 PM, Ralf Corsepius rc040...@freenet.de wrote: On 01/22/2010 04:24 PM, Przemek Klosowski wrote: On 01/22/2010 07:53 AM, Ralf Corsepius wrote: On 01/22/2010 01:22 PM, Tomas Mraz wrote: These are checksums required by FIPS-140-2 integrity verification checks

Re: FC12: Hidden files in /usr/bin/*

2010-01-22 Thread Denis Leroy
On 01/22/2010 01:53 PM, Ralf Corsepius wrote: On 01/22/2010 01:22 PM, Tomas Mraz wrote: On Fri, 2010-01-22 at 12:41 +0100, Ralf Corsepius wrote: Hi, On FC12 I found this: # ls /usr/bin/.*.hmac /usr/bin/.fipscheck.hmac /usr/bin/.ssh.hmac # rpm -qf /usr/bin/.*.hmac

'/usr/bin/[' (was RE: FC12: Hidden files in /usr/bin/*)

2010-01-22 Thread Cleaver, Japheth
-Original Message- From: devel-boun...@lists.fedoraproject.org [mailto:devel-boun...@lists.fedoraproject.org] On Behalf Of Denis Leroy Sent: Friday, January 22, 2010 8:34 AM To: Development discussions related to Fedora Subject: Re: FC12: Hidden files in /usr/bin/* *snip

Re: FC12: Hidden files in /usr/bin/*

2010-01-22 Thread Martin Langhoff
On Fri, Jan 22, 2010 at 8:03 PM, Tom Lane t...@redhat.com wrote: The separate /lib directory tree seems the way to go, to me.  That way /usr/share instead of /lib seems more appropriate - m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting

Re: FC12: Hidden files in /usr/bin/*

2010-01-22 Thread Peter Jones
On 01/22/2010 02:03 PM, Tom Lane wrote: Przemek Klosowski przemek.klosow...@nist.gov writes: On 01/22/2010 11:11 AM, Ralf Corsepius wrote: Does it really mandate pollution /usr/bin and thus $PATH? OK, I see, you don't object to the checksums in principle, just to the location of the files.

Re: FC12: Hidden files in /usr/bin/*

2010-01-22 Thread Björn Persson
Martin Langhoff wrote: /usr/share instead of /lib seems more appropriate - /usr/share is for architecture-independent files. These checksums are as architecture-specific as the executables they pertain to. But they should be in /usr/lib*/subdirectory, not in /lib. Björn Persson

Re: FC12: Hidden files in /usr/bin/*

2010-01-22 Thread Przemek Klosowski
On 01/22/2010 05:30 PM, Matt Domsch wrote: On Fri, Jan 22, 2010 at 03:06:24PM -0500, Peter Jones wrote: Well, the standard IIRC does want them to be separate, though again it's important to realize that this check isn't meant to protect against an attack, but rather to check against erroneous