[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Eternal 'good file hashes' list

Am 2009-10-20 23:48, schrieb Till Maas:
On Tue, Oct 20, 2009 at 10:20:17AM +0200, Tomas Mraz wrote:

What would this be good for? Actually for some files it would be a known
bad file hashes because these files (binaries or scripts) would contain
known vulnerabilities and so knowing that you have a file that was once
included in Fedora does not guarantee you almost anything.

Having a hash list of well known files might also help in forensics
analysis to find suspicious files. Also with determining the correct RPM
NVR one could use the repo metadata to check wether there are known
vulnerabilities for certain files or just to detect that the file is not
from an uptodate RPM.


How is this check going to be done?

Is the filesystem going to be mounted in a known clean environment? If not, what's the point?

If yes, how do you know the filesystem hasn't been returned to a clean state?

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]