Re: IMMUTABLE and APPEND-ONLY rationales

From: Igmar Palsenberg (maillist@chello.nl)
Date: Mon Jun 26 2000 - 08:24:52 EST

Next message: Alan Cox: "Re: Query on UDP Sockets on Linux."
Previous message: Denis Perchine: "Re: Problem with recv syscall on socket when other side closed connection"
In reply to: Gregory Maxwell: "Re: IMMUTABLE and APPEND-ONLY rationales"
Next in thread: Gregory Maxwell: "Re: IMMUTABLE and APPEND-ONLY rationales"
Reply: Gregory Maxwell: "Re: IMMUTABLE and APPEND-ONLY rationales"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > It is mainly used here (on BSDI) to protect system programs (login,
> > etc). Kills the possibility of a rootkit.
>
> Amusingly, other then own my own paranoid-fortresses-of-doom systems, the
> only place I've seen Immutiable files is AFTER the install of the rootkit
> (i.e. the hacker chattrs to confuse clueless sysadms)..
> :)

On BSDI you can only do chattr in single user mode. No way that some
hacker on remote access can replace important system binaries..

On Linux, root can always do chattr, so it's a little different..

Igmar

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: Query on UDP Sockets on Linux."
Previous message: Denis Perchine: "Re: Problem with recv syscall on socket when other side closed connection"
In reply to: Gregory Maxwell: "Re: IMMUTABLE and APPEND-ONLY rationales"
Next in thread: Gregory Maxwell: "Re: IMMUTABLE and APPEND-ONLY rationales"
Reply: Gregory Maxwell: "Re: IMMUTABLE and APPEND-ONLY rationales"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Jun 26 2000 - 21:00:08 EST