Bug 115047
Summary: | rpm -Va on freshly installed machine shows multiple modified binaries | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | Chris Kloiber <ckloiber> | ||||||||
Component: | distribution | Assignee: | Jeff Johnson <jbj> | ||||||||
Status: | CLOSED RAWHIDE | QA Contact: | |||||||||
Severity: | medium | Docs Contact: | |||||||||
Priority: | medium | ||||||||||
Version: | 3.0 | CC: | djuran, herrold, tao | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | x86_64 | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2004-10-07 03:40:07 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Bug Depends On: | |||||||||||
Bug Blocks: | 108098, 123574, 130128 | ||||||||||
Attachments: |
|
Description
Chris Kloiber
2004-02-05 21:16:01 UTC
Created attachment 97501 [details]
list of modified binaries.
Can you attach rpm -qa --qf '%{name}%{version}-%{release}.%{arch}' output so's I can see what's what? rpm -qa --last prolly helpful as well. Tnx. Created attachment 97563 [details]
With linefeeds and sorted for readability
Created attachment 97564 [details]
Also sorted for readability
I don't think this should be in NEEDINFO. Changing to ASSIGNED. While I understand the expectation that "No output is AOK" from rpm -Va, the files -- in fact -- have been changed by installing both ix86 and x86_64 binaries. Changing the output of rpm -Va to conform to expectations has deep security implications for all users, and any change to rpm -Va behavior to accomodate "No output is AOK" would then violate other expectations. I prefer leaving the existing and traditional behavior which reports (expectationally) false positives rather than changing -Va to pretend that files have not changed (when they have) by implementing false negative output. Sure additional options could have it both ways. The issue then becomes what is the default, which, of necessity, is exactly what is currently happening. WONTFIX is my call, the final call is not mine. But what happens if I remove the 64-bit package, leaving the 32-bit package installed? Don't I end up without the 32-bit binary that should have remained there? I really think the notion of silently overwriting binaries is a misguided one, unless rpm were to save the 32-bit files somewhere it could restore them later. And if it does save them, it might as well check those files instead, and you won't get any false positives. This should be implemented in latest rpm-4.3.2. Note that you will need install with the latest rpm-4.3.2, as the change was to mark replaced files in the database, so either fresh install or pkg reinstall is needed to change the marking. |