On Thu, Apr 27, 2000 at 04:30:28PM +0000, Jim Breton wrote: > On Thu, Apr 27, 2000 at 01:13:34AM -0800, Ethan Benson wrote: > > this contrasts with linux's immutable bit that the superuser may > > remove whenever he wants, making it mostly pointless. (i read > > Yah I looked at it that way too at first. Fwict, there are still two > advantages to using it however: > > a) one means of "security through obscurity" where some folks who do > manage to hack a box will not be aware of the existence of the immutable > bit and will be confused when they are unable to delete the file despite > the necessary permissions (yah this is weak, but nevertheless real) ;-) that is pretty weak there... > b) more importantly, it will break some "log zapper" scripts often used > by script kiddies. Some other vulnerabilities would be thwarted also, why zap an immutable log file? it won't contain any new entries since syslogd cannot write to it either :P you probably mean the append only bit. which is indeed useful on logs but breaks log rotation which is rather annoying. > where you use a vulnerability in one binary to over-write another > program's configuration file and make it heed your will. indeed, i do use the immutable bit on my user's ~/.ssh and ~/.ssh/authorized_keys, its exceedingly inconvenient but ensures that even if i somehow run some trojan as me that nobody can add a new key to my authorized_keys file. though chmod 400 would probably be enough for that... someone else mentioned Linux Privileges (misnomer capabilities) which i think can be used to get the BSD style immutable bit -- root can set but not remove. but still that is damned inconvenient if you want to upgrade something legitimately and have to reboot to do it. (almost like NT, gah) > > Sorry if my message is a little incoherent, I just woke up and I can > hardly see or think yet. :) i know the feeling ;-) -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpiVhXAIjZcO.pgp
Description: PGP signature