On Thu, Jul 9, 2009 at 5:59 PM, Till Maas <opensou...@till.name> wrote:
> On Thu July 9 2009, yersinia wrote: > > > But something one have to pay a security prize on not disabling it : it > > render impossible to have a > > centralizzated security integrity management (e.g. rfc.sf.net for > example) > > or one have to skip from check the prelink binary. Very bad i think. > > You pay a security prize if you disable prelink, because it also performs > address space randomization: > http://lwn.net/Articles/190139/ > Strange enough this authorative refs, imho, not cited prelink as a security feature for aslr :=) http://www.awe.com/mark/blog/200801070918.html Btw, the reality is more complex this days. Details omitted, this is not a security mailing list. Regards > Btw. you can also patch the remote integrity checker to use prelink to > either > get a checksum of the perlinked binary or undo the prelinking before > checking > it. > > Regards > Till > > -- > fedora-devel-list mailing list > fedora-devel-list@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-devel-list >
-- fedora-devel-list mailing list fedora-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-devel-list