prelink: is it worth it?
opensource at till.name
Thu Jul 9 15:59:32 UTC 2009
On Thu July 9 2009, yersinia wrote:
> But something one have to pay a security prize on not disabling it : it
> render impossible to have a
> centralizzated security integrity management (e.g. rfc.sf.net for example)
> or one have to skip from check the prelink binary. Very bad i think.
You pay a security prize if you disable prelink, because it also performs
address space randomization:
Btw. you can also patch the remote integrity checker to use prelink to either
get a checksum of the perlinked binary or undo the prelinking before checking
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 836 bytes
Desc: This is a digitally signed message part.
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20090709/77c52f72/attachment.bin
More information about the devel