Red Hat Bugzilla – Bug 236306
md5sum on important bin files not equal on different machines
Last modified: 2007-11-30 17:12:02 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:184.108.40.206) Gecko/20070313 Fedora/220.127.116.11-5.fc6 Firefox/18.104.22.168
Description of problem:
when doing a md5sum /sbin/sulogin it will most likely echo different hash sums for each machine even if it is on the same architecture (i386 in my case.)
I had a slight HD problem and thought it would be a good idea to md5sum all bin and lib to check if there were more errors on other files.
HD problem machine:
Working machine without any problem:
FC 6 Minimal clean install and not used (base line):
Using hexedit on the file it is apparent that the differences are in the same spots but they are all different variations so its not due to HD failiure.
Version-Release number of selected component (if applicable):
Same issue on RHEL 4 too as well as current FC6
Steps to Reproduce:
1. Choose a couple of machines with the same patch level and install
2. md5sum /sbin/sulogin
3. compare the result
All my machines had different m5sums. I reproduced this on prior version of FC and RHEL.
Well in a perfect world it would be identical or we should be able to know why it isn't identical (like fundamental gcc setting differences causing breakage... like gaim/pydgin not working properly although the code is correct.)
This is not necessarily a bug BUT it makes auditing a system a completely futile endeavor.
This is the result of prelink adding randomization to the binaries. I suggest
you see this Wikipedia article:
I suggest you rely on rpm -K to verify file integrity.
Thanks about the prelink explanation. But rpm -K works only at install time and
I am using that. However I need to know binary integrity long after the install
and specifically after I encounter problems or if machine is allegedly compromised.
I'm sorry, I meant rpm -V, not -K. -V is verify, it can show you differences
between the rpm database and the filesystem.
Doh! Yeah that definitely does exactly what I want. Thank you and sorry for
using bugzilla in this case.