Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking
Agreed you have a point there on the untrusted binary. I haven't looked
at the most recent rpm sources to see if they are running an external
copy of prelink to verify the binary or if they have embedded that
functionality into rpm. I would think that embedding the prelink --verify
code into rpm and dpkg should eliminate the grounds for your concerns
about trustworthy programs.
As to the concept of modifying the binaries, have you actually
installed prelink so you can read the man page? What it is doing is
not unheard of. SGI does this sort of thing in Irix with QuickRestarting
and Apple does it in MacOS X with their prebinding. As far as I know
all of these approaches modify the binaries by their very nature.