On Jun 16, 2009, at 2:01 PM, James Carlson wrote: > Chris Quenelle writes: >> 1. list of headers without version info (generated by compiler, put >> into .o) >> >> 2. complete URL pointing at web-based tree of headers including >> hash code >> The hash code would be retrieved from the system at compile time. > > If the hash were based on contents (such as MD5), rather than embedded > #pragmas, then you'd have a fairly good guarantee that nobody did > "sudo vi /usr/include/stdio.h" and then lied about it. That alone > might be pretty useful.
pkg(5) stores a hash of each file delivered by a package and pkg verify can be used to ensure that files haven't been changed. I don't know what SVR4 does... Cheers, -- Shawn Walker
