Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking

To: debian-devel@lists.debian.org
Subject: Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking
From: Matt Zimmerman <mdz@debian.org>
Date: Sun, 26 Jan 2003 23:14:42 -0500
Message-id: <[🔎] 20030127041442.GQ30767@alcor.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87wul0g4bo.fsf@rabbit.fire-swamp.net>
References: <[🔎] 200301131352.IAA08938@bromo.msbb.uc.edu> <[🔎] Pine.LNX.4.33.0301130931400.2080-100000@gradall.private.brainfood.com> <[🔎] 20030113213104.GB17799@nevyn.them.org> <[🔎] 87wul0g4bo.fsf@rabbit.fire-swamp.net>

On Sun, Jan 19, 2003 at 02:30:51PM -0800, Stephen Zander wrote:

> Tripwire doesn't rely on *any* outside objects, it's built static to
> explicitly avoid such issues so all you're left having to trust is the
> tripwire executable itself.

And the kernel...and the execution environment...are you really running the
binary that you think you are?  Are you really seeing its output?

This kind of verification requires a trusted system, from the ground up, in
order to be trustworthy.  Nothing less will do.  Whatever programs are
necessary to perform the verification must reside on, and only be accessible
by, the trusted system.

Prelinking, it would seem, adds another program to the list of things that
must be maintained in the trusted system, and also complicates the
verification process by interposing an unprelinking step before any
prelinked binaries can be verified.

I don't understand why the original binary needs to be modified in order to
provide this performance increase.  But then, I haven't bothered to
investigate prelinking either.

-- 
 - mdz

Reply to:

References:
- Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking
  - From: Jack Howarth <howarth@bromo.msbb.uc.edu>
- (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking
  - From: Adam Heath <doogie@debian.org>
- Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking
  - From: Daniel Jacobowitz <dan@debian.org>
- Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking
  - From: Stephen Zander <gibreel@debian.org>

Prev by Date: Re: Just the usual rant: Debian VS legal problems (MPlayer, xine, libavcodec)
Next by Date: Re: Just the usual rant: Debian VS legal problems (MPlayer, xine, libavcodec)
Previous by thread: Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking
Next by thread: UNIVERSIDAD EN LINEA
Index(es):
- Date
- Thread