Re: IMMUTABLE and APPEND-ONLY rationales

From: Gregory Maxwell (greg@linuxpower.cx)
Date: Sun Jun 25 2000 - 02:44:14 EST


On Sun, 25 Jun 2000, Igmar Palsenberg wrote:

> > > Root is already privileged to set/unset those bits on any file regardless
> > > of ownership. It does not follow that this would change if users could
> > > set those bits on their own files.
> >
> > In the original implementation (pre 2.0) that wasn't the case when secure
> > level was > 0. securelevel was dropped later because it was broken.
> > The root restriction is a leftover.
>
> It is mainly used here (on BSDI) to protect system programs (login,
> etc). Kills the possibility of a rootkit.

Amusingly, other than on my own paranoid-fortresses-of-doom systems, the
only place I've seen immutable files is AFTER the install of the rootkit
(i.e. the hacker chattrs to confuse clueless sysadms)..
 :)

This archive was generated by hypermail 2b29 : Mon Jun 26 2000 - 21:00:06 EST