Re: IMMUTABLE and APPEND-ONLY rationales

From: Igmar Palsenberg (maillist@chello.nl)
Date: Sat Jun 24 2000 - 21:36:19 EST


> > Root is already privileged to set/unset those bits on any file regardless
> > of ownership. It does not follow that this would change if users could
> > set those bits on their own files.
>
> In the original implementation (pre 2.0) that wasn't the case when secure
> level was > 0. securelevel was dropped later because it was broken.
> The root restriction is a leftover.

It is mainly used here (on BSDI) to protect system programs (login,
etc). Kills the possibility of a rootkit.

        Igmar
