Bug 183069
Summary: | rkhunter says clean, but file sizes differ??? | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | james |
Component: | rkhunter | Assignee: | Greg Houlette <tamaster> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4 | CC: | extras-qa |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-02-26 05:22:43 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
james
2006-02-26 00:12:08 UTC
*** Bug 183070 has been marked as a duplicate of this bug. *** *** Bug 183071 has been marked as a duplicate of this bug. *** *** Bug 183072 has been marked as a duplicate of this bug. *** *** Bug 183073 has been marked as a duplicate of this bug. *** this is most likely an issue with prelink. to verify run prelink -ua and then double check what they show then. from man prelink prelink is a program which modifies ELF shared libraries and ELF dynamically linked binaries, so that the time which dynamic linker needs for their relocation at startup significantly decreases and also due to fewer relocations the run-time memory consumption decreases too (especially number of unshareable pages). Such prelinking information is only used if all its dependant libraries have not changed since prelinking, otherwise programs are relocated normally. prelink first collects ELF binaries which should be prelinked and all the ELF shared libraries they depend on. Then it assigns a unique virtual address space slot for each library and relinks the shared library to that base address. When the dynamic linker attempts to load such a library, unless that virtual address space slot is already occupied, it will map it into the given slot. After this is done, prelink with the help of dynamic linker resolves all relocations in the binary or library against its dependant libraries and stores the relocations into the ELF object. It also stores a list of all dependant libraries together with their checksums into the binary or library. For binaries, it also computes a list of conflicts (relocations which resolve differently in the binaryĆ¢s symbol search scope than in the smaller search scope in which the dependant library was resolved) and stores it into a special ELF section. At runtime, the dynamic linker first checks whether all dependant libraries were successfully mapped into their designated address space slots and whether they have not changed since the prelinking was done. If all checks are successful, the dynamic linker just replays the list of conflicts (which is usually significantly shorter than total number of relocations) instead of relocating each library. Sorry about the duplicates. Opera and Bugzilla do not play nicely together. It
was running on automatic before I stopped it.
> this is most likely an issue with prelink. to verify run prelink -ua
Yes, that seems to solve the mystery. Live and learn... and no root kit.
Thanks.
BTW, do you think "rpm -V" should say something about the "prelink" change to
the files? It seems odd otherwise.
"rpm -V" is aware of prelinking. Reading from the rpm man page, there is no mention of "prelink", or that a file size has been changed by prelink: The format of the output is a string of 8 characters, a possible attribute marker: c %config configuration file. d %doc documentation file. g %ghost file (i.e. the file contents are not included in the package payload). l %license license file. r %readme readme file. Otherwise, the (mnemonically emBoldened) character denotes failure of the corresponding --verify test: S file Size differs M Mode differs (includes permissions and file type) 5 MD5 sum differs D Device major/minor number mismatch L readLink(2) path mismatch U User ownership differs G Group ownership differs T mTime differs The rpm -V command could be enhanced with an additional "attribute marker": p %prelink this file has been modified by prelink. The file size and md5 sum may differ from the original file. |