Deron Meranda wrote:
On 11/29/05, James Wilkinson <fedora@westexe.demon.co.uk> wrote:
preeti malakar wrote:
Why is the immutable bit of all system binaries, viz. files in /sbin, /bin, /usr, not set, so that none can change or delete them?
As Paul said, that would stop yum and rpm from upgrading those programs (say if the immutable binary has a security bug).
Also, that would cause the prelink cronjob to fail, since it does intentionally modify files.
There's nothing of course to keep you from setting the immutable bit. And if you're building a super hardened system perhaps you
If you're that paranoid, a ro filesystem's hard to beat.