FC12: Hidden files in /usr/bin/*

Jarod Wilson jarod at wilsonet.com
Fri Jan 22 17:13:06 UTC 2010


On Fri, Jan 22, 2010 at 12:10 PM, Jarod Wilson <jarod at wilsonet.com> wrote:
> On Fri, Jan 22, 2010 at 11:23 AM, Garrett Holmstrom
> <gholms.fedora at gmail.com> wrote:
>> On Fri, Jan 22, 2010 at 10:11 AM, Ralf Corsepius <rc040203 at freenet.de> wrote:
>>>> - in some circumstances (government, regulated companies) encryption
>>>>     must be certified to the FIPS 140-2 standard
>>>
>>> I don't know this "standard".
>>>
>>> Maybe this "fips standard" collides with the FHS, maybe this standard
>>> is defective?
>>>
>>> Do you have a pointer/reference to this "standard"? Does it really
>>> mandate polluting /usr/bin and thus $PATH?
>>
>> FIPS 140-2 is a US government standard for crypto system security.
>> Its full text is available at
>> http://csrc.nist.gov/groups/STM/cmvp/standards.html if you're
>> interested.
>>
>> I have no idea if it actually requires them to be alongside the
>> executables, but hopefully the link will help.
>
> It doesn't. Also, ugh. I'm the one who actually reviewed hmaccalc to
> get included in Red Hat Enterprise Linux 5 (a separate review from the
> Fedora one), and pointed out this same problem, and it was done
> properly for RHEL5:
>
> $ rpm -ql hmaccalc
> /usr/bin/sha1hmac
> /usr/bin/sha256hmac
> /usr/bin/sha384hmac
> /usr/bin/sha512hmac
> /usr/lib64/hmaccalc
> /usr/lib64/hmaccalc/sha1hmac.hmac
> /usr/lib64/hmaccalc/sha256hmac.hmac
> /usr/lib64/hmaccalc/sha384hmac.hmac
> /usr/lib64/hmaccalc/sha512hmac.hmac
> /usr/share/doc/hmaccalc-0.9.6
> /usr/share/doc/hmaccalc-0.9.6/LICENSE
> /usr/share/doc/hmaccalc-0.9.6/README
> /usr/share/man/man8/sha1hmac.8.gz
> /usr/share/man/man8/sha256hmac.8.gz
> /usr/share/man/man8/sha384hmac.8.gz
> /usr/share/man/man8/sha512hmac.8.gz
>
> It should be simple enough to just update the Fedora packages with the
> changes in RHEL5 and we can all go eat cake. But first, I'm going to
> go play some pickup soccer...

Oh. Wait. Crap. We're talking about packages other than hmaccalc
itself that do integrity checks. But I do agree with Ralf here, the
checksum files don't belong in /usr/bin/, and there's no
standard-based need for them to be there.


-- 
Jarod Wilson
jarod at wilsonet.com

