Why most run Microsoft, not RedHat

Zoltan Boszormenyi zboszor at freemail.hu
Sun Apr 29 17:53:23 UTC 2007


Mikkel L. Ellertson wrote:
> Zoltan Boszormenyi wrote:
>   
>> Stuart Sears wrote:
>>     
>>> Which, although you may have been lucky, is not usually the most
>>> sensible approach. (no offence intended)
>>>   A few points to consider...
>>> 1. what if the rootkit is installed using rpm?
>>>   
>>>       
>> It wasn't, it was installed from source. The intruder
>> left the source tree in place. He was a bit tricky to
>> use chattr +i on /bin/login and some other progs.
>> BTW, although rpm complained that it cannot replace
>> those, why isn't it prepared for such scenarios?
>> RPM is made for Linux, it should certainly know
>> about special filesystem flags and handle them.
>>
>>     
> How should rpm handle it? Rpm has no way of knowing why the
>   

How?

1. be able to specify special flags in the specfile and apply them upon 
install
2. detect if the filesystem doesn't handle such specials and make note 
of it in the rpmdb
3. clear them before uninstalling or upgrading
4. detect if it was modified, report it with rpmv
     (skip this check if the rpmdb indicates it, see 2)

At least ext2/3/4 and xfs have such special flags, make use of them.

> immutable flag was set. I believe the proper way is to report the
> problem, and let the user decide what to do about it. You could add
> a flag to rpm to let it override the immutable flag, but I think
> that would be a bad idea.
>
> The way I look at it, if the immutable flag is set, then either you
> didn't want the file to be changed without you giving specific
> permission by un-setting the flag, or you have other problems you
> should be made aware of.
>
> Mikkel
>   
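
Added example, not part of the original thread and not rpm code: a small audit that reports files carrying the immutable or append-only inode flag (what `chattr +i` sets), the condition both posters want surfaced to the administrator. The default directories and the function names are assumptions; files the caller cannot open, and filesystems without these flags, are skipped.

```python
import fcntl
import os
import struct
import sys

# From <linux/fs.h>: the request is _IOR('f', 1, long), so the size field
# follows the platform's long; the flag bits are FS_IMMUTABLE_FL / FS_APPEND_FL.
FS_IOC_GETFLAGS = (2 << 30) | (struct.calcsize("l") << 16) | (ord("f") << 8) | 1
FLAG_NAMES = {0x00000010: "immutable", 0x00000020: "append-only"}


def decode_flags(flags):
    """Return the names of the change-blocking flags set in an inode flag word."""
    return [name for bit, name in sorted(FLAG_NAMES.items()) if flags & bit]


def read_flags(path):
    """Return the inode flag word for path, or None if it cannot be read."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK | os.O_NOFOLLOW)
    except OSError:  # missing, unreadable, or a symlink
        return None
    try:
        # The kernel fills in a 32-bit value; pass a zeroed long-sized buffer.
        raw = fcntl.ioctl(fd, FS_IOC_GETFLAGS, bytes(struct.calcsize("l")))
        return struct.unpack("I", raw[:4])[0]
    except OSError:  # filesystem without these flags (e.g. ENOTTY)
        return None
    finally:
        os.close(fd)


def audit(paths):
    """Map each file that carries a change-blocking flag to the flag names."""
    findings = {}
    for top in paths:
        files = [top]
        if os.path.isdir(top):
            files = [os.path.join(d, f) for d, _, fs in os.walk(top) for f in fs]
        for path in files:
            flags = read_flags(path)
            names = decode_flags(flags) if flags is not None else []
            if names:
                findings[path] = names
    return findings


if __name__ == "__main__":
    # Assumed default: the system binary directories.
    for path, names in sorted(audit(sys.argv[1:] or ["/bin", "/sbin"]).items()):
        print(f"{path}: {', '.join(names)}")
```

Any hit that the administrator did not set deliberately is worth investigating before the flag is cleared.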
