FC12: Hidden files in /usr/bin/*
tmraz at redhat.com
Fri Jan 22 16:24:40 UTC 2010
On Fri, 2010-01-22 at 17:08 +0100, Martin Langhoff wrote:
> On Fri, Jan 22, 2010 at 5:04 PM, Tomas Mraz <tmraz at redhat.com> wrote:
> > No, it does not prevent malicious attacker from subverting the
> > executable. The integrity check prevents just inadvertent modification
> > of the executables/libraries which contain the certified code.
> Like prelink? ;-)
Yes, for example. That's why prelink must be disabled when the machine
is running in the FIPS compliant mode.
No matter how far down the wrong road you've gone, turn back.
More information about the devel