Ack! I've been rooted...

alan alan at clueserver.org
Fri Feb 2 17:22:41 UTC 2007


On Fri, 2 Feb 2007, Mark Knoop wrote:

> On 02/02/07, Steven W. Orr <steveo at syslang.net> wrote:
>> I read this thread and I have a question on why this problem is not
>> handled in a more direct approach instead of the blood&guts reload
>> approach: If you simply reinstall the rpm package (something like)
>> 
>> rpm --replacepkgs -vh rpm-4.4.1-22.i386.rpm
>> 
>> then you know that the binaries are good. From there all you have to do is
>
> Well, that's not quite true, is it? Presumably what you suggest is to
> reinstall rpm because of the possibility that it has been hacked. But
> if you're using a hacked version of rpm to reinstall it, you can't be
> sure that it is doing as it is supposed to - i.e. the hacked rpm could
> be just spitting the package into /dev/null whilst appearing to
> reinstall it.

If the immutable flag is set on any of the hacked binaries, it will also
fail to install.  (Checking for the immutable flag is an easy way to check
for many rootkits.)

-- 
"Invoking the supernatural can explain anything, and hence explains nothing."
                   - University of Utah bioengineering professor Gregory Clark
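An added example of the immutable-flag check described in the reply above (not code from the thread or the fedora-list authors). It assumes lsattr(1) from e2fsprogs on an ext2/3/4 filesystem, and the list of directories to scan is an assumption; a package-managed binary should normally carry no immutable attribute, so any hit deserves a closer look.

```shell
#!/bin/sh
# Added example: report binaries carrying the immutable ('i') attribute.
# Assumes lsattr from e2fsprogs; the directory list below is an assumption.
# lsattr prints lines such as "----i--------e-- /bin/ls": the first field
# is the attribute string, the second is the path.

# Read lsattr output on stdin and print the paths whose attribute string
# contains a lowercase 'i' (immutable). awk regexes are case-sensitive,
# so the uppercase 'I' (indexed directory) attribute is not matched.
immutable_from_lsattr() {
    awk '$1 ~ /i/ { print $2 }'
}

# List regular files (symlinks excluded) directly under one directory and
# print those flagged immutable. lsattr errors (non-ext filesystems,
# unreadable files) are silenced so the scan keeps going.
scan_dir_for_immutable() {
    dir=$1
    find "$dir" -maxdepth 1 -type f -exec lsattr {} + 2>/dev/null \
        | immutable_from_lsattr
}

# Walk the usual system binary directories (assumed list) and print each
# immutable file. Returns 1 if anything was found, 0 otherwise, so the
# function can drive a cron job or an alert.
check_system_bins() {
    found=0
    for d in /bin /sbin /usr/bin /usr/sbin; do
        [ -d "$d" ] || continue
        # Paths under these directories contain no whitespace, so plain
        # word splitting of the output is safe here.
        for f in $(scan_dir_for_immutable "$d"); do
            echo "IMMUTABLE: $f"
            found=1
        done
    done
    return $found
}

# Run the scan only when invoked with --run, so sourcing the file for its
# functions has no side effects.
[ "${1:-}" = "--run" ] && check_system_bins
```

Run it as `sh check_immutable.sh --run`; a clean system prints nothing and exits 0, so a non-zero exit is the signal worth alerting on.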