On Fri, Apr 9, 2010 at 8:00 PM, Junhao <[email protected]> wrote: > On 04/09/2010 10:11 AM, Michael Clark wrote: >
> If the systems had prelinking (popular in fedora a few years ago), all >> >> of the the shared objects get rewritten with non-conflicting link >> addresses (to avoid runtime relocation overhead). It is usually set up >> in /etc/cron (check cron.daily, cron.weekly, etc) >> >> I'm not sure if more recent linux systems use prelinking or not - it may >> conflict with link address randomisation (a security mechanism, so that >> exploits can't run code that targets known address offsets). e.g. look >> at the link addresses of /bin/ls over two runs (on Debian Sid/2.6.32): >> >> mcl...@monty:~$ ldd /bin/ls >> libselinux.so.1 => /lib/libselinux.so.1 (0xb777f000) >> librt.so.1 => /lib/i686/cmov/librt.so.1 (0xb7776000) > > > Ahh.... That might explain it. Will check when I get back to office next > week. FYI, we are testing on Redhat Enterprise Linux 5.x. That's interesting. With such a mechanism in place, how would one verify the integrity of the files? Eg, rpm -V and tripwire would both fail now.
_______________________________________________ LUGS Mailing list - [email protected] List FAQ: http://wiki.lugs.org.sg/LugsMailingListFaq Info page: http://www.lugs.org.sg/mailman/listinfo/slugnet To unsubscribe send an empty email to: [email protected]
