What are the thoughts of the people on this list
about making tripwire prelink-aware ?
As it stands now, the combination of tripwire and
prelink gives a lot of false positives,
especially when you do system updates, which
means that you have to
1) either disable prelink altogether;
2) or perform prelink manually after a system
update, followed by a rebuild of the tripwire
database (ideally by first disconnecting from
Tripwire could get its MD5 sums via the command
'prelink --md5 <file>' instead of calculating
them itself. In this way it gets the MD5 sum from
the unmodified binary.
Would something like this be considered secure
enough as new feature for tripwire ?