On Mon, May 28, 2012 at 3:34 PM, Jonas Maebe wrote:
>
> On 28 May 2012, at 14:09, ik wrote:
>
> > The second part is more interesting for this subject: It signs a checksum
> > of the ELF file, so any change to it will break the checksum.
> > It helps you to discover for example root-kits.
> >
> >
On 28 May 2012, at 14:09, ik wrote:
> The second part is more interesting for this subject: It signs a checksum
> of the ELF file, so any change to it will break the checksum.
> It helps you to discover for example root-kits.
>
> Is it a compiler based signature, or something from the build itse
Hello,
I see that most of the ELF on my system, contain a signature like so:
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked
(uses shared libs), for GNU/Linux 2.6.32,
BuildID[sha1]=0x39645af26ea483eaae81df45bf34701580506115, stripped
There are two very interesting signatu
