immutable bit

John Summerfied debian at herakles.homelinux.org
Wed Nov 30 02:47:20 UTC 2005


James Wilkinson wrote:
> preeti malakar wrote:
> 
>>Why is the immutable bit of all system binaries viz files in /sbin, /bin, /usr
>>not set, so that none can change or delete them?
>>
>>as you can see chattr /bin/login will give
>>------------- /bin/login
> 
> 
> As Paul said, that would stop yum and rpm from upgrading those programs
> (say if the immutable binary has a security bug).
> 
> Most of them are owned by root: other users can't change them anyway,
> due to file permissions. And root has the ability to remove the
> immutable bit.
> 
> Yes, yum could be modified to automatically unset the immutable bit,
> upgrade, and then re-set it. But there's an implicit understanding that
> normal programs *won't* play with the immutable bit (it's not there on
> all filesystems, and I understand Posix[1] doesn't specify it.[2])
> 
> In any case, having yum or rpm fiddle with the immutable bit prevents
> the sysadmin from saying "I know what I'm doing: RPM replaces this file
> on upgrade, and I Want It Staying Just As *I* Edited It, ----it!"

A couple of times I've felt the urge to do that. Something was breaking 
/etc/resolve.conf and I couldn't discover what. chattr fixed that one.

Recently, on my WBEL server box something has been insistent that it 
absolutely _knows_ CUPS should only listen on 127.0.0.1. I think I've 
removed the offender, but chattr would certainly help there too.

Other than that, I guess it would be pretty handy in a root kit :-)

-- 

Cheers
John


do not reply off-list
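The thread's two uses of the immutable bit (an admin deliberately pinning /etc/resolv.conf, and an attacker's tool pinning a trojaned binary so root can't replace it) suggest the check a defender wants: list what is actually immutable and compare against what the admin meant to pin. The script below is an added example, not from the thread; the lsattr output and the allowlist are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit lsattr output for the immutable
# ('i') flag and report files that were not deliberately pinned by the admin.
# Paths containing whitespace are not handled (read splits on IFS).

# Constructed sample of `lsattr` output: flag field first, then the path.
# On a real host this would come from e.g. `lsattr /bin/* /sbin/* /etc/*`.
SAMPLE_LSATTR='------------- /bin/login
----i-------- /etc/resolv.conf
----i-------- /bin/ls
------------- /usr/bin/chattr'

# Files the admin chose to pin (the resolv.conf case from the thread).
ALLOWLIST='/etc/resolv.conf'

# immutable_files: read lsattr lines on stdin, print the path of each
# entry whose flag field contains 'i'.
immutable_files() {
  while read -r flags path; do
    case "$flags" in
      *i*) printf '%s\n' "$path" ;;
    esac
  done
}

# unexpected_immutable: filter immutable_files output down to paths that
# are not on ALLOWLIST. Anything printed here deserves a look.
unexpected_immutable() {
  immutable_files | while read -r path; do
    allowed=0
    for a in $ALLOWLIST; do
      if [ "$a" = "$path" ]; then allowed=1; fi
    done
    if [ "$allowed" -eq 0 ]; then printf '%s\n' "$path"; fi
  done
}

# audit_sample: run the check over the constructed sample above.
audit_sample() {
  printf '%s\n' "$SAMPLE_LSATTR" | unexpected_immutable
}

audit_sample
```

Only /bin/ls is reported: /etc/resolv.conf is immutable but allowlisted, and the other two files have the flag clear.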