On Mon, 26 Jun 2000, Igmar Palsenberg wrote:
>
> > > It is mainly used here (on BSDI) to protect system programs (login,
> > > etc). Kills the possibility of a rootkit.
> >
> > Amusingly, other then own my own paranoid-fortresses-of-doom systems, the
> > only place I've seen Immutiable files is AFTER the install of the rootkit
> > (i.e. the hacker chattrs to confuse clueless sysadms)..
> > :)
>
> On BSDI you can only do chattr in single user mode. No way that some
> hacker on remote access can replace important system binaries..
>
> On Linux, root can always do chattr, so it's a little different..
Root can't chattr if you drop the capability from all processes.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jun 26 2000 - 21:00:08 EST