[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking

* Adam Heath 

| On Mon, 13 Jan 2003, Jack Howarth wrote:
| 
| > Adam,
| >     Jakub apparently disputes the notion that prelink is
| > ever an untrusted binary. He explicitly builds it with
| > static linking which means prelink can't modify itself.
| > He says that one just needs to do a trivial md5sum
| > check on the prelink binary before using it.
| 
| and what if md5sum is also hacked?

Have an internal md5sum in dpkg?  Which I believe you will need for
the verification anyhow.  (Else, you'll trust the external md5sum and
that's something you want to avoid.)

-- 
Tollef Fog Heen                                                        ,''`.
UNIX is user friendly, it's just picky about who its friends are      : :' :
                                                                      `. `' 
                                                                        `-
Reply to: