On Thu, 9 Nov 2000, Thomas Ribbrock wrote:
> On Thu, Nov 09, 2000 at 09:46:08AM -0600, Bill Carlson wrote:
> [...]
> > So, is there a consensus, should rpm -Va be trusted after a successful
> > attack?
>
> I'd say, the easiest way to accomplish that would be to take a copy of
> the RPM database (onto an external medium, e.g. floppy) each time you
> change something.
Ick. Might as well use tripwire instead.
> Other than that my guess would be that if up to now noone has yet
> changed that database, it's probably only a matter of time until they
> start doing so... (Hm, wouldn't it suffice to simply delete the database
> to foil using rpm -Va?)
True, they could just delete it. But it seems like many people, including
myself, use rpm -Va to answer 'Have I been cracked?'. Deleting the rpm
database leaves no doubts. :)
Bill Carlson
--
Systems Programmer [EMAIL PROTECTED] | Opinions are mine,
Virtual Hospital http://www.vh.org/ | not my employer's.
University of Iowa Hospitals and Clinics |
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
