On Fri, 2010-01-22 at 17:08 +0100, Martin Langhoff wrote:
On Fri, Jan 22, 2010 at 5:04 PM, Tomas Mraz tmraz@redhat.com wrote:
No, it does not prevent malicious attacker from subverting the executable. The integrity check prevents just inadvertent modification of the executables/libraries which contain the certified code.
Like prelink? ;-)
Yes, for example. That's why prelink must be disabled when the machine is running in the FIPS compliant mode.