Article:   Mac Security: Identifying Changes to the File System
Subject:   Prebinding and checksums
Date:   2005-10-08 00:32:43
From:   chrisridd
I was under the impression that doing checksums of Mach-O binaries was non-trivial, because the "prebinding" that's done by the OS will actually update a binary when one of the libraries it uses changes.


Do any of the checksumming utilities take account of this? My guess is not.


A mention of, or a comparative review of, tools like tripwire would be good...


  • Prebinding and checksums
    2005-10-08 03:21:11  peterhickman

    The checksum utilities assume a file is just a collection of bytes and process the whole of the file. I know of no checksum utility that examines the structure of a file to decide what data to use for the checksum and what to exclude. To be honest I can think of very few uses of such a tool.

    Although prebinding could alter a binary it has not shown itself in the months that I have been using this script and installing updates and new applications.

    As I do the checks daily I will see what has changed and have a pretty good idea of what has been installed / updated from the last check. Of course if I get rooted on the same day as I install a major system upgrade then I will probably miss it.
  • Prebinding and checksums
    2005-10-08 00:33:16  chrisridd

    Nice article though :-)
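
An added example, not from the article or from either poster: a whole-file checksum comparison of the kind discussed in this thread, which also tags changed files that begin with a Mach-O magic number so they can be reviewed against what was installed or updated since the last check. The function names and the sample files are assumptions made for illustration, and the tag is a review label, not evidence that prebinding caused the change.

```python
import hashlib
import os
import tempfile

# First four bytes of thin Mach-O files (32/64-bit, either byte order) and of
# fat/universal files. 0xcafebabe is shared with Java class files.
MACHO_MAGICS = {bytes.fromhex(m) for m in
                ("feedface", "cefaedfe", "feedfacf", "cffaedfe", "cafebabe")}

def snapshot(root):
    """Map each regular file under root to (SHA-256 of every byte, is_macho)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                with open(path, "rb") as fh:
                    data = fh.read()  # whole file, as the checksum tools do
                result[os.path.relpath(path, root)] = (
                    hashlib.sha256(data).hexdigest(), data[:4] in MACHO_MAGICS)
    return result

def compare(old, new):
    """Split differences so changed Mach-O files can be reviewed separately."""
    report = {"added": sorted(set(new) - set(old)),
              "removed": sorted(set(old) - set(new)),
              "changed_macho": [], "changed_other": []}
    for path in sorted(set(old) & set(new)):
        if old[path][0] != new[path][0]:
            macho = old[path][1] or new[path][1]
            report["changed_macho" if macho else "changed_other"].append(path)
    return report

def demo():
    """Constructed sample tree: one fake Mach-O header, one text file."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"bin/tool": bytes.fromhex("feedface") + b"\x00" * 16,
                   "etc/hosts.conf": b"127.0.0.1 localhost\n"}
        for rel, data in samples.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        before = snapshot(root)
        for rel in samples:  # simulate both files being rewritten in place
            with open(os.path.join(root, rel), "ab") as fh:
                fh.write(b"\x01")
        return compare(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```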