
[no subject]



> > 
> > Ummmm, what would be the point of "chattr -i" if even
> > someone with root priv can't turn it off? 
> 
> That *is* the point, if someone breaks in and gets a root shell, they
> still can't modify the file....

Just a quick point: chattr is in fact a BSD hangover. In its proper
implementation (i.e. *BSD or Linux 2.1.*), yes, you're right: once set immutable,
a file couldn't be modified by anyone, even root, without lowering your
securelevel. However, as far as I understood it, securelevel was removed in
Linux 2.2.* and replaced with capabilities (a POSIX idea). Are these at a
usable stage yet? I thought they weren't, although I'm more than prepared to
admit I could be very wrong ;)

As an aside I still use immutable files on my raq4 to protect against remote
exploits and bad admin!

Would be interested to know if you can indeed utilize capabilities on a raq
to protect immutable files...anyone?

Cheers!
g.
--
Guy van den Berg
MCT, MCSE, OCP, CIP
External Consultant
Database Technologies & Support
Compaq Computers GIS EMEA

P: +49 89 9392 4324 / F: +49 89 9392 2657
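
The capability in question is CAP_LINUX_IMMUTABLE (number 9 in <linux/capability.h>), which a process needs to set or clear the immutable flag. The following is an added example, not part of the original message: it reads the CapPrm and CapBnd masks from a /proc/<pid>/status file and reports whether that process can still run "chattr -i". It assumes a kernel that exposes those fields in /proc (not the 2.2 kernels discussed above); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: can a process still clear the immutable flag?
# CAP_LINUX_IMMUTABLE is bit 9 of the capability masks in /proc/<pid>/status.
CAP_LINUX_IMMUTABLE=9

# cap_mask FILE FIELD: print the hex mask for FIELD (CapPrm, CapEff, CapBnd).
cap_mask() {
    sed -n "s/^$2:[[:space:]]*\([0-9a-fA-F]*\).*/\1/p" "$1"
}

# has_cap HEXMASK BIT: succeed if BIT is set in HEXMASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# immutable_verdict FILE: print one of
#   clearable  - capability is in the permitted set; chattr -i can succeed
#   regainable - not held now, but still in the bounding set, so exec of a
#                privileged binary could bring it back
#   locked     - in neither set; this process and its children cannot get it
#   unknown    - the status file lacks the fields
immutable_verdict() {
    prm=$(cap_mask "$1" CapPrm)
    bnd=$(cap_mask "$1" CapBnd)
    [ -n "$prm" ] && [ -n "$bnd" ] || { echo unknown; return 1; }
    if has_cap "$prm" "$CAP_LINUX_IMMUTABLE"; then
        echo clearable
    elif has_cap "$bnd" "$CAP_LINUX_IMMUTABLE"; then
        echo regainable
    else
        echo locked
    fi
}

# Stand-alone use: report on the current process tree when /proc is present.
if [ -r /proc/self/status ]; then
    immutable_verdict /proc/self/status || true
fi
```

A root shell on a host where the capability has been dropped from the bounding set of every process reports "locked", which is the state in which an immutable file stays immutable even for root.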