>If the problem is identifying where the binary came from then
>the fingerprint database stored on sunsolve.sun.com solves that problem 
>using MD5 hashes of the files.  It does, however, only work for Solaris, 
>not all distros.  It works for all officially distributed bits, 
>including patches and releases back at least as far as 2.5.1 and some 
>unbundled products as well.

As far back as Solaris 2.0, actually :-)

>Another way to find out if the binary is "official" and not rogue is to 
>use elfsign(1) verify.  I don't believe distros other than Sun's sign 
>non-crypto binaries - but they could if they wanted to (the instructions 
>for doing so are on my blog).
>
>We also have the /system/object file system where you can check hashes 
>of the currently in kernel files.
>
>My vote is to remove ALL version numbers from kernel modules; they aren't 
>actually meaningful, in my opinion.
>
>The output of what(1) on the other hand is reasonable to keep.

"mcs -p", IMHO, is a more structured approach, as it does not depend
on SCCS ids (which we'll be moving away from, I suspect).

Casper
_______________________________________________
tools-discuss mailing list
tools-discuss@opensolaris.org