Peter Verthez - 2006-05-13

What are the thoughts of the people on this list
about making tripwire prelink-aware?

As it stands now, the combination of tripwire and
prelink gives a lot of false positives,
especially when you do system updates, which
means that you have to
1) either disable prelink altogether;
2) or perform prelink manually after a system
update, followed by a rebuild of the tripwire
database (ideally by first disconnecting from
the net).

Tripwire could get its MD5 sums via the command
'prelink --md5 <file>' instead of calculating
them itself.  In this way it gets the MD5 sum from
the unmodified binary.

Would something like this be considered secure
enough as a new feature for tripwire?

Peter.
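
The digest selection proposed in the post above, sketched as an added shell example (not part of the original message and not Tripwire code). The function names and the `PRELINK` path are assumptions; the only prelink invocation used is the `prelink --md5 <file>` form quoted in the post, assumed to print the digest as the first field.

```shell
#!/bin/sh
# Added illustration: choose the MD5 an integrity checker would record so
# that prelinking alone does not change the baseline.
# Assumption: prelink lives at /usr/sbin/prelink unless PRELINK is set.
# The digest is only as trustworthy as that prelink binary, so it belongs
# in the set of files that are themselves monitored.
PRELINK="${PRELINK:-/usr/sbin/prelink}"

# is_elf FILE: succeed when FILE starts with the ELF magic 7f 45 4c 46.
is_elf() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# raw_md5 FILE: digest of the bytes as they are on disk.
raw_md5() {
    md5sum "$1" | cut -d' ' -f1
}

# stable_md5 FILE: print the digest to store in, or compare against,
# the baseline database.
stable_md5() {
    f=$1
    if is_elf "$f" && [ -x "$PRELINK" ]; then
        # Ask prelink for the digest of the un-prelinked content.
        if out=$("$PRELINK" --md5 "$f" 2>/dev/null); then
            printf '%s\n' "${out%% *}"
            return 0
        fi
        # prelink refused the file (not prelinked, or it no longer
        # matches what prelink would produce): fall through to the raw
        # digest, so a modified binary still shows up as a mismatch.
    fi
    raw_md5 "$f"
}
```

Source the file and call `stable_md5 /path/to/file`; non-ELF files and hosts without prelink get the ordinary on-disk digest.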