Hello Chris and all,

Thanks for the message.

>What won't work in this situation is attackers that have the md5sums
>or signatures for various binaries on the machine that you are
>intending to replace.

Hmm, that was the point of my question, to some extent. How would an attacker (possessing the md5sums for valid packages and md5sums for hacked packages) go about updating the rpm database to pass the ? Are there any tools (in rootkits or elsewhere) to accomplish it?

Best regards,
--
Anton A. Chuvakin, Ph.D.
http://www.chuvakin.org
http://www.info-secure.org