prelink: is it worth it?

yersinia yersinia.spiros at gmail.com
Thu Jul 9 18:15:17 UTC 2009


On Thu, Jul 9, 2009 at 5:59 PM, Till Maas <opensource at till.name> wrote:

> On Thu July 9 2009, yersinia wrote:
>
> > But something one have to pay a security prize on not disabling it :  it
> > render impossible to have a
> > centralizzated security integrity management (e.g. rfc.sf.net for
> example)
> > or one have to skip from check the prelink binary. Very bad i think.
>
> You pay a security prize if you disable prelink, because it also performs
> address space randomization:
> http://lwn.net/Articles/190139/
>

Strange enough this authorative refs, imho, not cited prelink as a security
feature
for aslr :=)
http://www.awe.com/mark/blog/200801070918.html

Btw, the reality is more complex this days. Details omitted, this is not a
security mailing list.

Regards


> Btw. you can also patch the remote integrity checker to use prelink to
> either
> get a checksum of the perlinked binary or undo the prelinking before
> checking
> it.
>
> Regards
> Till
>
> --
> fedora-devel-list mailing list
> fedora-devel-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090709/1471fed1/attachment.htm>


More information about the fedora-devel-list mailing list