Bug 126434 - RFE: Facility for documenting changes to installed binaries
RFE: Facility for documenting changes to installed binaries
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: rpm (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Johnson
Mike McLean
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-06-21 12:31 EDT by Josh Rollyson
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-06-21 15:23:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Rollyson 2004-06-21 12:31:52 EDT
126395 was closed without an acceptable resolution.

I realize that invalidating signed headers is a problem. So store
additional information OUTSIDE of the signed headers, or allow
"supplemental" headers signed by the administrator.


 Opened by Josh Rollyson (jrollyson@2mbit.com) on 2004-06-21 03:41

Certian utilities in common use make changes to installed files, which
are reported by rpm when verifying installed files.

As many administrators use the verification features of RPM for
integrity checking, it would be useful if a facility for updating MD5
and SHA1 sums was provided. This would require storing the checksum
from the time of installation, a checksum of a modification, and a
documented reason for modiification (ie "automated prelink run -
22Feb2004")

rpm could then be instructed to either not report "authorized"
modifications, or to clearly indicate in a verification report when a
package matches the "installed" checksum rather than the "packaged"
checksum.


------- Additional Comment #1 From Jeff Johnson (jbj@redhat.com) on
2004-06-21 09:33 -------

rpm goes beyond simple digest checks on modified files
already, signatures are checked whenever headers which
contain file md5 digests are read.

Permitting modifications to files to be reflected
in the md5 digests within a signed header weakens
the security check by voiding the package signature.

Use aide or tripwire instead if you want to modify
file md5 digests.
Comment 1 Jeff Johnson 2004-06-21 15:23:43 EDT
Legacy compatibility prevents attempting. Changing the
way that rpm handles signatures takes a lot of legacy
engineering, and creates Yet Another complexity to
installing packages. The cost outweighs the benefit by
several oreders of magnitude imho.

Try tripwire or aide instead.

Note You need to log in before you can comment on or make changes to this bug.