28 Feb
2005
28 Feb
'05
5:38 p.m.
On Monday 28 February 2005 11:22 am, Brian Densmore wrote:
Of course there's nothing, stopping a cunning cracker from building an RPM database, setting the timestamp and copying it onto the cracked system.
I think the database stores the original MD5 signature of the files in the package. You could get around it by installing your own RPM of hacked files, but then the signiture of the package itself would indicate it wasn't from a known good source.