[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking

>>>>> "Daniel" == Daniel Jacobowitz <dan@debian.org> writes:
    Daniel> On Mon, Jan 13, 2003 at 09:42:01AM -0600, Adam Heath
    Daniel> wrote:
    >> And I certainly hope tripwire is *not* modified to support such
    >> a broken as designed system.
    >> (the reason this is broken, is because one must run an
    >> untrusted binary to check if the file has been modified)

    Daniel> Oh, Adam, that's blatantly ridiculous.  Think about it.
    Daniel> You take whatever you do to dpkg and libc6 and tripwire in
    Daniel> order to trust them and do it with prelink also.  Then
    Daniel> it's a trusted binary.

Tripwire doesn't rely on *any* outside objects, it's built static to
explicitly avoid such issues so all you're left having to trust is the
tripwire executable itself.

As for relying on file checksums, depnds what you mean by "checksum".
If SHA-1 is a checksum, then tripwire is not for you.

Stephen (tripwire maintainer)

"And what do we burn apart from witches?"... "More witches!"

Reply to: