Eternal 'good file hashes' list

nodata lsof at nodata.co.uk
Tue Oct 20 22:00:23 UTC 2009


On 2009-10-20 23:48, Till Maas wrote:
> On Tue, Oct 20, 2009 at 10:20:17AM +0200, Tomas Mraz wrote:
>
>> What would this be good for? Actually for some files it would be a known
>> bad file hashes because these files (binaries or scripts) would contain
>> known vulnerabilities and so knowing that you have a file that was once
>> included in Fedora does not guarantee you almost anything.
>
> Having a hash list of well known files might also help in forensics
> analysis to find suspicious files. Also with determining the correct RPM
> NVR one could use the repo metadata to check whether there are known
> vulnerabilities for certain files or just to detect that the file is not
> from an up-to-date RPM.
>
> Regards
> Till
>

How is this check going to be done?

Is the filesystem going to be mounted in a known clean environment? If 
not, what's the point?

If yes, how do you know the filesystem hasn't been returned to a clean 
state?
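
The check discussed in this thread, as an added example that is not part of the original post: it hashes files under an image mounted read-only on a separate analysis host and sorts them into current, outdated (a known file from a superseded package) and unknown. The manifest format, the NVR strings and the sample files are constructed assumptions, not Fedora data.

```python
import hashlib
import os
import tempfile

# Manifest layout is an assumption for this example:
#   sha256 hex digest -> (package NVR, True if that NVR is the current update)

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def classify(image_root, manifest):
    """Walk an image mounted at image_root; return {relative path: (status, nvr)}."""
    results = {}
    for dirpath, _dirs, files in os.walk(image_root):  # does not descend into symlinked dirs
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files: never read outside the image
            rel = os.path.relpath(full, image_root)
            entry = manifest.get(sha256_file(full))
            if entry is None:
                results[rel] = ("unknown", None)       # not in any known package
            else:
                nvr, current = entry
                results[rel] = ("current" if current else "outdated", nvr)
    return results

def demo():
    """Build a constructed three-file image and classify it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr", "bin"))
        samples = {"old": b"v1", "new": b"v2", "x": b"??"}  # constructed contents
        for name, data in samples.items():
            with open(os.path.join(root, "usr", "bin", name), "wb") as f:
                f.write(data)
        manifest = {
            hashlib.sha256(b"v1").hexdigest(): ("example-1.0-1", False),
            hashlib.sha256(b"v2").hexdigest(): ("example-1.0-2", True),
        }
        return classify(root, manifest)

if __name__ == "__main__":
    for path, (status, nvr) in sorted(demo().items()):
        print(f"{status:9} {nvr or '-':15} {path}")
```

A match only shows that the file is a known one at the time of the scan; it says nothing about what was at that path earlier.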




More information about the fedora-devel-list mailing list