|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Simon Burns (simon
trustinternet.com)Date: Wed Oct 10 2001 - 17:36:23 CDT
On Wed, 10 Oct 2001, Nicolas Bock wrote:
> this attribute, right? Doesn't that mean then that an attacker who is able to
> put a file into /bin is also able to execute chattr and delete any immutable
> attributes that the admin might have set to protect his trusted shells and so
> on?
I think that's a knowledge thang. If you're a l337 haX0R d00d, surely
noone knows as much as you so chattr is a way to foil r00t once more ;-)
If you're a legitimate administrator of a system, perhaps you just want to
make sure you don't rm -rf a directory or files within it. That is, you
never meant to use chattr to protect your files from crackers - that would
be Security Through (supposed) Obscurity and therefore a Bad Thing.
If you want protected files, put them on a floppy disk, flip the
write-protect tab and leave the disk in the drive for when you need it. No
amount of root kit is going to flip that tab back over again.
-- Simon Burns
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]