On Fri, 2 Feb 2007, Mark Knoop wrote:
> On 02/02/07, Steven W. Orr <steveo@xxxxxxxxxxx> wrote:
>> I read this thread and I have a question on why this problem is not
>> handled in a more direct approach instead of the blood&guts reload
>> approach: If you simply reinstall the rpm package (something like)
>>
>>     rpm --replacepkgs -vh rpm-4.4.1-22.i386.rpm
>>
>> then you know that the binaries are good. From there all you have to do is
>
> Well that's not quite true, is it? Presumably what you suggest is to
> reinstall rpm because of the possibility that it has been hacked. But
> if you're using a hacked version of rpm to reinstall it, you can't be
> sure that it is doing as it is supposed to - i.e. the hacked rpm could
> be just spitting the package into /dev/null whilst appearing to
> reinstall it.

If the immutable flag is set on any of the hacked binaries, it will also
fail to install. (Checking for the immutable flag is an easy way to check
for many rootkits.)
--
"Invoking the supernatural can explain anything, and hence explains nothing."
- University of Utah bioengineering professor Gregory Clark
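
The immutable-flag check mentioned in the last reply, as an added example that is not part of the original thread: a filter over `lsattr` output that reports files carrying the immutable (`i`) or append-only (`a`) attribute. The sample listing is constructed, and the `LSATTR` variable is an assumption for pointing at a known-good `lsattr` (for example on rescue media), since tools on a compromised system cannot be trusted.

```shell
#!/bin/sh
# Added example: report files with the immutable (i) or append-only (a)
# attribute, reading `lsattr` output ("<attrs> <path>") on stdin.

flagged_files() {
    while IFS= read -r line; do
        attrs=${line%% *}      # first field: attribute string
        path=${line#* }        # remainder: path (may contain spaces)
        # Skip blank lines and "dir:" headers from `lsattr -R` (no space).
        if [ "$attrs" = "$line" ]; then
            continue
        fi
        # Skip anything whose first field is not a pure attribute string.
        case $attrs in
            *[!A-Za-z-]*) continue ;;
        esac
        # Lowercase i = immutable, lowercase a = append-only.
        case $attrs in
            *[ia]*) printf '%s %s\n' "$attrs" "$path" ;;
        esac
    done
}

# Real use: scan_dirs /bin /sbin /usr/bin /usr/sbin
# LSATTR (assumption) selects a trusted lsattr binary; defaults to PATH lookup.
scan_dirs() {
    "${LSATTR:-lsattr}" -R "$@" 2>/dev/null | flagged_files
}

# Constructed sample of lsattr output, so the filter can be run offline.
SAMPLE_LSATTR='-------------e-- /bin/cat
----i--------e-- /bin/ls
-----a-------e-- /var/log/wtmp
----i--------e-- /usr/bin/my tool

/bin/sub:
-------------e-- /bin/sub/helper'

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LSATTR" | flagged_files
```

On most systems no packaged binary in these directories has either attribute set, so any hit is worth comparing against the package database from trusted media.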