Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking
On Sun, Jan 19, 2003 at 02:30:51PM -0800, Stephen Zander wrote:
> >>>>> "Daniel" == Daniel Jacobowitz <firstname.lastname@example.org> writes:
> Daniel> On Mon, Jan 13, 2003 at 09:42:01AM -0600, Adam Heath
> Daniel> wrote:
> >> And I certainly hope tripwire is *not* modified to support such
> >> a broken as designed system.
> >> (the reason this is broken, is because one must run an
> >> untrusted binary to check if the file has been modified)
> Daniel> Oh, Adam, that's blatantly ridiculous. Think about it.
> Daniel> You take whatever you do to dpkg and libc6 and tripwire in
> Daniel> order to trust them and do it with prelink also. Then
> Daniel> it's a trusted binary.
> Tripwire doesn't rely on *any* outside objects, it's built static to
> explicitly avoid such issues so all you're left having to trust is the
> tripwire executable itself.
> As for relying on file checksums, depends what you mean by "checksum".
> If SHA-1 is a checksum, then tripwire is not for you.
> Stephen (tripwire maintainer)
Then you turn prelink into a library and statically link to it, or you
link it statically and store it with the tripwire binary; it is
literally no increased exposure to do that unless you're concerned
about not trusting the exec() call, in which case you're too paranoid
to be running on your current kernel.
This is all easily solvable.
MontaVista Software Debian GNU/Linux Developer