prelink: is it worth it?
Jakub Jelinek
jakub at redhat.com
Thu Jul 9 15:12:17 UTC 2009
On Thu, Jul 09, 2009 at 05:07:05PM +0200, yersinia wrote:
> But something one have to pay a security prize on not disabling it : it
> render impossible to have a
> centralizzated security integrity management (e.g. rfc.sf.net for example)
> or one have to skip from check the prelink binary. Very bad i think.
That's what prelink -y is for, it verifies the binary would prelink from
unprelinked state to bitwise same file and gives you the bits before
prelinking, which you can use for verification.
rpm -V uses this, why can't other security integrity apps do the same?
Jakub
More information about the fedora-devel-list
mailing list