Re: immutable flag on ext2fs

Alan Cox (alan@lxorguk.ukuu.org.uk)
Tue, 22 Jun 1999 10:16:36 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Malcolm Beattie: "Re: fsck is dead (was: Some very thought-provoking ...)"
Previous message: Alan Cox: "Re: 2.2.10 won't boot w/o keyboard"
Next in thread: Chris Evans: "Re: immutable flag on ext2fs"
Reply: Chris Evans: "Re: immutable flag on ext2fs"
Reply: Jonathan Walther: "Securelevel in Linux? (Was: Re: immutable flag on ext2fs)"

> Question, If someone hasn't set the secure level (I don't understand this
> yet <g>) and did make all file immutable, wouldn't debugfs get around this?
> If someone has gotten root on the machine what's to stop them from doing
> what they want (assuming something like ftp or some programs forgotten by
> the admin exist)

Securelevel is supposed to be one way in all respects. So it disables access
to raw block devices, to mmap on /dev/*mem and all other known paths root could
use to change it indirectly back (eg ioperm/iopl)

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Malcolm Beattie: "Re: fsck is dead (was: Some very thought-provoking ...)"
Previous message: Alan Cox: "Re: 2.2.10 won't boot w/o keyboard"
Next in thread: Chris Evans: "Re: immutable flag on ext2fs"
Reply: Chris Evans: "Re: immutable flag on ext2fs"
Reply: Jonathan Walther: "Securelevel in Linux? (Was: Re: immutable flag on ext2fs)"