Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking

To: debian-devel@lists.debian.org
Subject: Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking
From: Colin Walters <walters@debian.org>
Date: 13 Jan 2003 13:03:44 -0500
Message-id: <[🔎] 1042481024.32350.10.camel@space-ghost>
In-reply-to: <[🔎] Pine.LNX.4.33.0301130931400.2080-100000@gradall.private.brainfood.com>
References: <[🔎] Pine.LNX.4.33.0301130931400.2080-100000@gradall.private.brainfood.com>

On Mon, 2003-01-13 at 10:42, Adam Heath wrote:

> (the reason this is broken, is because one must run an untrusted binary to
> check if the file has been modified)

Anyone who is relying on file checksums (alone) for system security is
deluded at best.  There is another good reason to have file checksums:
namely to see if say another system administrator accidentally did echo
foo >/usr/lib/libbar.so or something.  I also like getting mails from
integrit after another system administrator used apt-get to install
something.

So prelinking isn't broken, it is systems which rely on file checksums
alone for security that are broken.

Since there are legitimate uses for changing files outside of dpkg, I
think it is a bad idea for us to take a stance explicitly against it.  I
suspect that we will be alone in that viewpoint or close to it among
vendors of GNU/Linux.

Reply to:

References:
- (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking
  - From: Adam Heath <doogie@debian.org>

Prev by Date: Re: Make debconf mandatory for prompting the user
Next by Date: Re: NVidia and Chroot environment SOLVED
Previous by thread: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking
Next by thread: Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking
Index(es):
- Date
- Thread