| To: | Timothy Shimmin <tes@xxxxxxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: immutable etc. |
| From: | Christoph Hellwig <hch@xxxxxxxxxx> |
| Date: | Thu, 7 Dec 2000 09:35:17 +0100 |
| Cc: | graichen@xxxxxxxxxxxxx, linux-xfs@xxxxxxxxxxx |
| In-reply-to: | <200012070625.RAA34103@xxxxxxxxxxxxxxxxxxxxxxx>; from tes@xxxxxxxxxxxxxxxxxxxxxxx on Thu, Dec 07, 2000 at 05:25:57PM +1100 |
| References: | <news2mail-90gun7$srf$2@xxxxxxxxxxxxxxxxxxxxxx> <200012070625.RAA34103@xxxxxxxxxxxxxxxxxxxxxxx> |
| Sender: | owner-linux-xfs@xxxxxxxxxxx |
On Thu, Dec 07, 2000 at 05:25:57PM +1100, Timothy Shimmin wrote:
> Immutable sounds pretty much what one could achieve using the
> standard access modes except for ROOT being disallowed to change
> the file (without first setting the attribute).
> OOI, how useful is this attribute ?
The basic idea of immutable files is that you drop
CAP_LINUX_IMMUTABLE for all processes, and attackers won't be able
to modifiy your binaries even if they have root access.
Christoph
--
Of course it doesn't work. We've performed a software upgrade.
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: immutable etc., Timothy Shimmin |
|---|---|
| Next by Date: | (fwd) Re: sys_attrctl not working on ppc, Thomas Graichen |
| Previous by Thread: | Re: immutable etc., Timothy Shimmin |
| Next by Thread: | Re: immutable etc., Andi Kleen |
| Indexes: | [Date] [Thread] [Top] [All Lists] |