Re: rootkit?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: rootkit?
From: James Wilkinson <fedora@xxxxxxxxxxxxxxxxxxx>
Date: Sun, 11 Dec 2005 17:33:13 +0000
In-reply-to: <1134289871.28658.1.camel@xxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <https://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <https://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
References: <200512110031.03504.gene.heskett@xxxxxxxxxxx> <1134279327.31877.45.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <200512110045.23394.gene.heskett@xxxxxxxxxxx> <1134280282.3320.68.camel@xxxxxxxxxxxxx> <f84880b00512102159g4718f0aanabae7ffb73cb308c@xxxxxxxxxxxxxx> <1134281336.31877.52.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <f84880b00512102220w36c3b946o5e662abe408f2ba@xxxxxxxxxxxxxx> <1134283076.31877.62.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <1134289202.3177.6.camel@xxxxxxxxxxxxxxxxxxxxx> <1134289871.28658.1.camel@xxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
User-agent: Mutt/1.4.2.1i

Michael A. Peters wrote:
> Sun use to (still does?) allow you to enter an md5sum and it would tell
> you exactly what file it matched, along with what patch level.

Ralf Corsepius replied:
> rpm based systems have "rpm {-V|--verify}", which provide a comparable
> feature.

Unfortunately, this is pretty useless if you can't trust the RPM
database.

And on a compromised machine, you can't trust the RPM database.

And, unfortunately, prelinking means that you can't even compare them to
a "known good" machine.

James.

-- 
E-mail address: james | "We completely deny the allegations, and we're
@westexe.demon.co.uk  | trying to identify the alligators."

Follow-Ups:
- Re: rootkit?
  - From: Tony Nelson
- Re: rootkit?
  - From: Ralf Corsepius

References:
- rootkit?
  - From: Gene Heskett
- Re: rootkit?
  - From: Craig White
- Re: rootkit?
  - From: Gene Heskett
- Re: rootkit?
  - From: Scot L. Harris
- Re: rootkit?
  - From: Kam Leo
- Re: rootkit?
  - From: Craig White
- Re: rootkit?
  - From: Kam Leo
- Re: rootkit?
  - From: Craig White
- Re: rootkit?
  - From: Michael A. Peters
- Re: rootkit?
  - From: Ralf Corsepius

Prev by Date: Re: [OT] Comments: Evolution - Sylpheed Claws
Next by Date: Manual mounting of a video DVD
Previous by thread: Re: rootkit?
Next by thread: Re: rootkit?
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]