From: Jose Nazario (josebiocserver.BIOC.cwru.edu)
Date: Wed Oct 10 2001 - 14:18:04 CDT


    On Wed, 10 Oct 2001, Nicolas Bock wrote:

    > My apologies already if this is a stupid question, but how does
    > chattr -i prevent root from doing anything to a file? I can see that
    > while the immutable attribute is set, root can't do anything, but root
    > can run chattr and delete this attribute, right?

    yeah, i didn't speak clearly, but yeah, once you clear the flag, then you
    can operate on the file. but not with the flag set. even root has to
    respect chattr's settings on files (ie append only, read only, etc ...)

    > Doesn't that mean then that an attacker who is able to put a file into
    > /bin is also able to execute chattr and delete any immutable
    > attributes that the admin might have set to protect his trusted shells
    > and so on?

    that's very true, yes. however, LIDS can be used to prevent this, so that
    with kernel settings (which require a reboot to effect) even root cannot
    make modifications, no matter what they try, not until these kernel flags
    are cleared and the system rebooted. couple that to firmware/BIOS level
    passwords, and you're set. you can build up a trusted computing base this
    way.

    something to consider. and sorry for any confusion earlier, thanks for
    requesting the clarification.

    ____________________________
    jose nazario josecwru.edu
                               PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
                                           PGP key ID 0xFD37F4E5 (pgp.mit.edu)
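
An added example, not part of the original post: a small audit for the question raised in this thread. It lists files that lack the immutable flag and checks whether CAP_LINUX_IMMUTABLE, the capability the kernel requires to clear that flag, is still in the process's capability bounding set. It relies on the mainline bounding set rather than LIDS; the function names and the sample `lsattr` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit immutable flags and the capability needed to clear them.

# CAP_LINUX_IMMUTABLE is capability number 9 in linux/capability.h.
CAP_LINUX_IMMUTABLE_BIT=9

# Read lsattr-format lines ("<flags> <path>") on stdin and print every
# path whose flag field lacks the lowercase 'i' (immutable) flag.
missing_immutable() {
    while read -r flags path; do
        [ -n "$path" ] || continue
        case "$flags" in
            *i*) ;;                          # immutable is set
            *)   printf '%s\n' "$path" ;;    # report the unprotected file
        esac
    done
}

# Return 0 if the hex capability mask (for example the CapBnd value in
# /proc/<pid>/status) contains CAP_LINUX_IMMUTABLE.
mask_has_immutable_cap() {
    [ $(( (0x$1 >> CAP_LINUX_IMMUTABLE_BIT) & 1 )) -eq 1 ]
}

# Live audit, e.g.: audit_immutable /bin/sh /bin/login
audit_immutable() {
    lsattr -d -- "$@" 2>/dev/null | missing_immutable | sed 's/^/NOT IMMUTABLE: /'
    bnd=$(awk '/^CapBnd:/ {print $2}' /proc/self/status)
    if mask_has_immutable_cap "$bnd"; then
        echo "WARNING: CAP_LINUX_IMMUTABLE is in the bounding set;" \
             "root processes started from here can clear the immutable flag"
    else
        echo "OK: CAP_LINUX_IMMUTABLE is not in this process's bounding set"
    fi
}

# Constructed sample input (not from the original post).
SAMPLE_LSATTR='----i---------e------- /bin/login
--------------e------- /bin/sh
----ia--------e------- /sbin/init'

# Run the live audit only when file names are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_immutable "$@"
fi
```
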