NETWORK%UK.AC.ULSTER.UCVAX@ac.UK (08/06/87)
Thoughts following Roy Omond's message of 31 July...
Is it unreasonable to ask Dec to include the "correct" checksums
for all (affected) images with software issues and updates, in
printed form? This might help system managers to detect "hacked"
patches placed illegally in strategic places.
Of course, the CHECKSUM utility is very handy, but only if you
know what the "correct" checksums are.
Brian Beesley
SCO Data Comms
Univ. of UlsterXBR1Y028@DDATHD21.BITNET (Walter Reichenbaecher, TH Darmstadt, HRZ) (08/08/87)
After reading Roy Omond's message (dated July 31) I immediatedly CHECKSUMed LOGINOUT.EXE and SHOW.EXE on all of our VAXes. It turned out that the Checksum for SHOW.EXE was identical on 4.4 and 4.5 systems, but the Checksum for LOGINOUT.EXE was different on all systems. I was puzzeled, then I did ANA/IMAGE/OUT=file SYS$SYSTEM:LOGINOUT.EXE on all our VAXes and used DIFFERENCE/PARALLEL to compare the output-files of ANALYZE. It turned out that there was a Patch in that image, which came in when 4.4 was installed (mandatory update) - so the date of the VMS installation was included in that image. So it will not help to get a CHECKSUM from DEC for images that get patched! Now , after hearing such bad news from our neighbourhood (Heidelberg, the city where Roys system is situated is less than 50 miles away from Darmstadt), we were thinking about some checking mechanism. Like running a job at midnight to compare the checksums of all important files against a reference list of checksums... (SYSUAF unfortunatedly cannot be included ..) Regards, Walter Reichenbaecher Technical University Darmstadt University Computing Center Darmstadt, West Germany BITNET: XBR1Y028@DDATHD21 ARPANET: XBR1Y028%DDATHD21.BITNET@WISCVM.WISC.EDU _______________________________________________________________________________