Description of problem:
1000s of binary system files, e.g. /usr/X11R6/lib/libX11.so.6.2, seem to have changed length or contents after some days, while the date (timestamp) of the file remains unchanged.

Version-Release number of selected component (if applicable):
Fedora Core 1.0

How reproducible:
Reliably, with the following shell script:

=================================================
#!/bin/sh
# Usage: script <device>
# Mounts <device> on $MNT and compares every regular file under / with the
# file of the same path under $MNT.
drive=$1
MNT=/mnt/cdrom
mount "$drive" "$MNT"
cd /
find . -mount -type f -print | grep -v "/usr/src/linux" | while read -r file; do
    echo ==== "$file" ====
    # Fields 6-8 of "ls -l" are the modification date and time
    l1=`ls -l "$file" | awk '{print $6,$7,$8}'`
    sum1=`sum "$file"`
    if [ -f "$MNT/$file" ]; then
        l2=`ls -l "$MNT/$file" | awk '{print $6,$7,$8}'`
        sum2=`sum "$MNT/$file"`
        if [ "$sum1" != "$sum2" ]; then
            ls -l "$file" "$MNT/$file"
            echo sum1= $sum1 sum2= $sum2
            if [ "$l1" != "$l2" ]; then
                # Checksum and date both differ
                echo "$file" changed
            else
                # Checksum differs but the date is the same
                echo "$file" corrupted!!! $sum1
                # Copy the file from / over the mounted copy and re-check
                cp -p "$file" "$MNT/$file"
                sum3=`sum "$file"`
                sum2=`sum "$MNT/$file"`
                echo sum1= $sum1 sum2= $sum2 sum3= $sum3
                if [ "$sum1" != "$sum2" -o "$sum1" != "$sum3" ]; then
                    echo BAZD MEG!!!
                fi
            fi
        fi
    else
        echo "$file" not found !!!
    fi
done >/tmp/difflist 2>&1
=================================================

Steps to Reproduce:
1. Install Fedora in your work partition and do your everyday jobs.
2. Install Fedora in a second partition as a reference.
3. Boot the reference system after a few days and check the work partition by running the listed shell procedure.

Actual results:
The listed shell procedure reports 1000s of system files, which shouldn't have been changed, to be corrupted: either the length or only the checksum is changed, while the date of the last change remained unchanged.

Expected results:
1) I think that binary executables or shared objects should never be changed.
2) But if they are changed, for whatever reason, then the date of the last change should be updated as well.

Additional info:
Even more frustrating is the fact that the described phenomenon does not affect the integrity of the work partition; as far as I can see it works without any crash. Am I doing anything wrong? Could you explain what I see???
This sounds like a normal consequence of prelink.
Yeah. If you want to verify that nobody but prelink tampered with the binaries or libraries, you can use rpm -V or run prelink --verify directly. Or sed -i s/PRELINKING=yes/PRELINKING=no/ /etc/sysconfig/prelink if you don't want prelinking and prefer unchanging binaries/libraries.
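
A prelink-aware version of the comparison above, as an added example that is not part of the original report or replies: it uses the prelink --verify behaviour mentioned in the last comment (on success the pre-prelink content is written to standard output) to separate files changed only by prelink from files whose underlying content differs. The function names orig_digest, classify and compare_trees are hypothetical, and falling back to the raw file when prelink --verify fails is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: prelink-aware integrity comparison of two trees.
# Assumes prelink(8), sha256sum, cmp and mktemp are available.

# orig_digest FILE: SHA-256 of FILE as it was before prelinking.
# Assumption: if "prelink --verify" fails (file not prelinked, not ELF, or
# modified after prelinking) the raw content is hashed instead, so a
# tampered file can never hash equal to a clean reference by accident.
orig_digest() {
    tmp=$(mktemp) || return 1
    if prelink --verify "$1" >"$tmp" 2>/dev/null; then
        sha256sum <"$tmp"
    else
        sha256sum <"$1"
    fi | cut -d' ' -f1
    rm -f "$tmp"
}

# classify WORK REF: prints identical, prelink-only or modified.
classify() {
    if cmp -s "$1" "$2"; then
        echo identical
    elif [ "$(orig_digest "$1")" = "$(orig_digest "$2")" ]; then
        echo prelink-only      # bytes differ, original content matches
    else
        echo modified          # original content differs: investigate
    fi
}

# compare_trees WORKROOT REFROOT: report every file that is not identical.
compare_trees() {
    ( cd "$2" && find . -xdev -type f -print ) | while IFS= read -r f; do
        [ -f "$1/$f" ] || { echo "missing $f"; continue; }
        state=$(classify "$1/$f" "$2/$f")
        [ "$state" = identical ] || echo "$state $f"
    done
}
```

Files reported as prelink-only match the reference once prelinking is undone; only modified and missing entries need a closer look, for example with rpm -V.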