[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: And now for something completely different... etch!

Ian Campbell <ijc@hellion.org.uk> writes:

> I might be talking out of my arse (99% probability ;-)) but I thought
> I'd heard that it was possible to store the pre-linking information
> separately to the binaries, under /var/cache or something for example.

> Am/was I imagining things?

One of the points of the md5sum verification is to ensure that the
binaries haven't been tampered with.  If one can tamper with the binaries
by modifying some file in /var/cache instead, doesn't that just
reintroduce the same problem?

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>

Reply to: