Bug 126395 - RFE: Facility for documenting changes to installed binaries
Summary: RFE: Facility for documenting changes to installed binaries
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact: Mike McLean
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-06-21 07:41 UTC by Josh Rollyson
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-06-21 13:33:40 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Josh Rollyson 2004-06-21 07:41:35 UTC 
Certian utilities in common use make changes to installed files, which
are reported by rpm when verifying installed files.

As many administrators use the verification features of RPM for
integrity checking, it would be useful if a facility for updating MD5
and SHA1 sums was provided. This would require storing the checksum
from the time of installation, a checksum of a modification, and a
documented reason for modiification (ie "automated prelink run -
22Feb2004")

rpm could then be instructed to either not report "authorized"
modifications, or to clearly indicate in a verification report when a
package matches the "installed" checksum rather than the "packaged"
checksum.
Comment 1 Jeff Johnson 2004-06-21 13:33:40 UTC 
rpm goes beyond simple digest checks on modified files
already, signatures are checked whenever headers which
contain file md5 digests are read.

Permitting modifications to files to be reflected
in the md5 digests within a signed header weakens
the security check by voiding the package signature.

Use aide or tripwire instead if you want to modify
file md5 digests.
Note You need to log in before you can comment on or make changes to this bug.