From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070313 Fedora/1.5.0.10-5.fc6 Firefox/1.5.0.10 Description of problem: when doing a md5sum /sbin/sulogin it will most likely echo different hash sums for each machine even if it is on the same architecture (i386 in my case.) I had a slight HD problem and thought it would be a good idea to md5sum all bin and lib to check if there were more errors on other files. HD problem machine: 2012ee3d1392e3d3a1e54ed208dec755 sulogin Working machine without any problem: 3ccf82825c23abb4ba3fce2e55946579 sulogin FC 6 Minimal clean install and not used (base line): 66b0cc2eb2837911eef67eb25b65896d sulogin Using hexedit on the file it is apparent that the differences are in the same spots but they are all different variations so its not due to HD failiure. Version-Release number of selected component (if applicable): Same issue on RHEL 4 too as well as current FC6 How reproducible: Always Steps to Reproduce: 1. Choose a couple of machines with the same patch level and install 2. md5sum /sbin/sulogin 3. compare the result Actual Results: All my machines had different m5sums. I reproduced this on prior version of FC and RHEL. Expected Results: Well in a perfect world it would be identical or we should be able to know why it isn't identical (like fundamental gcc setting differences causing breakage... like gaim/pydgin not working properly although the code is correct.) Additional info: This is not necessarily a bug BUT it makes auditing a system a completely futile endeavor.
This is the result of prelink adding randomization to the binaries. I suggest you see this Wikipedia article: http://en.wikipedia.org/wiki/Prelinking I suggest you rely on rpm -K to verify file integrity.
Thanks about the prelink explanation. But rpm -K works only at install time and I am using that. However I need to know binary integrity long after the install and specifically after I encounter problems or if machine is allegedly compromised.
I'm sorry, I meant rpm -V, not -K. -V is verify, it can show you differences between the rpm database and the filesystem.
Doh! Yeah that definitely does exactly what I want. Thank you and sorry for using bugzilla in this case.