prelink: is it worth it?
Till Maas
opensource at till.name
Thu Jul 9 15:59:32 UTC 2009
On Thu July 9 2009, yersinia wrote:
> But something one have to pay a security prize on not disabling it : it
> render impossible to have a
> centralizzated security integrity management (e.g. rfc.sf.net for example)
> or one have to skip from check the prelink binary. Very bad i think.
You pay a security prize if you disable prelink, because it also performs
address space randomization:
http://lwn.net/Articles/190139/
Btw. you can also patch the remote integrity checker to use prelink to either
get a checksum of the perlinked binary or undo the prelinking before checking
it.
Regards
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090709/77c52f72/attachment.sig>
More information about the fedora-devel-list
mailing list