On Wed, Feb 13, 2002 at 01:26:47PM -0600, dewt wrote: > > Do you know any of the RPM-aware rootkits for Linux which will not be > > detected by "rpm --verify". I would prefer direct edit of /var/lib/rpm > > rather to trojaned rpm binary, but what the heck - whatever will do.
> i'm not aware of one, but making a small spec file for the trojaned binaries > and making your own rpm package could work, of course that wont pass the -Vp > option but not many people do that. If this is for one of your own machines, wouldn't it be far simpler to replace rpm's --verify handler with a function that always returns "this package looks fine" ? -- Join the fight against terrorism by giving up your liberties today!
msg00200/pgp00000.pgp
Description: PGP signature
