Re: Immutable flag and packages
> 1) Newbie will ask "why I can't removed file X? I do all that they say
> in the *Linux is Great - 101 Book* (hoping not to enfrange any
> copyright here).
Probaby not just newbies. :-)
> 2) If, as a SysAdmin, I decided to put some file immutable, I
> certainly don't want a program like dpkg (whom task is package
> maintenance, not security administration) make it obseleted because
> it, it changed it. Even, maybe I set it immutable because I don't want
> dpkg to changed it!
This is an annoyingly good point. One possibility is the use of
other bits in the ext2 extended attributes in the package maintenance
program; another is the introduction of a second immutable bit
specifically for package tools.
> Briefly, most people don't need it or will misused it (see the pgp
> manual about false security impression)
The fact that locks *can* be picked isn't an argument to never
use one. As most cops will readily admit, you often only need
a lock just good enough to convince the bad guys to move on down
the street.
Setting critical system files immutable won't stop a dedicated
attacker, but it should (from what I understand) be enough to
stop a casual attack from someone without root access.
> and people who really need it,
> don't need dpkg to bother with them.
I think that point is debatable. I'm not ignorant about security
issues, but there are so many variables today that it's virtually
impossible for someone to keep track of them all. On the other
hand, it's not unreasonable for part of the final release process
to be a fairly through security check and any problems either fixed
or documented.
Bear Giles
bear@coyote.com
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: