[colug-432] Necropsy: Virus?: prelink
jep200404 at columbus.rr.com
jep200404 at columbus.rr.com
Wed May 4 10:31:20 EDT 2011
On Tue, 3 May 2011 20:53:27 -0400 (EDT), R P Herrold <herrold at owlriver.com> wrote:
> On Tue, 3 May 2011, jep200404 at columbus.rr.com wrote:
>
> > What non-malicious reasons can there be for a new version of a
> > program to have the same size and timestamp as an old version,
> > yet have different md5sums?
>
> the cron based, library 'prelinking' does this --- rpm knows
> how to reverse when it rpm -V (packagename) ...
That accounts for most of the differences.
rpm -V -a --root /root/backup/20110324bad/ >rpm-V-a--root-root-backup-20110324bad- 2>&1
http://www.colug.net/~jep/rpm-V-a--root-root-backup-20110324bad-
More information about the colug-432
mailing list