Eternal 'good file hashes' list
nodata
lsof at nodata.co.uk
Tue Oct 20 22:00:23 UTC 2009
Am 2009-10-20 23:48, schrieb Till Maas:
> On Tue, Oct 20, 2009 at 10:20:17AM +0200, Tomas Mraz wrote:
>
>> What would this be good for? Actually for some files it would be a known
>> bad file hashes because these files (binaries or scripts) would contain
>> known vulnerabilities and so knowing that you have a file that was once
>> included in Fedora does not guarantee you almost anything.
>
> Having a hash list of well known files might also help in forensics
> analysis to find suspicious files. Also with determining the correct RPM
> NVR one could use the repo metadata to check wether there are known
> vulnerabilities for certain files or just to detect that the file is not
> from an uptodate RPM.
>
> Regards
> Till
>
How is this check going to be done?
Is the filesystem going to be mounted in a known clean environment? If
not, what's the point?
If yes, how do you know the filesystem hasn't been returned to a clean
state?
More information about the fedora-devel-list
mailing list