[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Securing the RPM Database

From: David Christensen <David_Christensen Phoenix com>
To: rpm-list redhat com
Subject: Securing the RPM Database
Date: Fri, 5 Oct 2001 10:34:00 -0700

RPM provides some nice utilities for verifying installed packages, but how
does one secure the RPM database itself?  It seems that an attacker could
modify any system files desired and then modify the RPM database to cover
their tracks.  What would be a simple yet effective mechanism for preventing
this?  (And please don't mention products like tripwire which would be
overkill in an embedded application.)

David Christensen

Follow-Ups:
- Re: Securing the RPM Database
  - From: Jeff Johnson <jbj@JBJ.ORG>
- Re: Securing the RPM Database
  - From: Harry Putnam <reader@newsguy.com>
- Re: Securing the RPM Database
  - From: Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []