| To: | Christoph Hellwig <hch@xxxxxxxxxx> |
|---|---|
| Subject: | Re: immutable etc. |
| From: | Andi Kleen <ak@xxxxxxx> |
| Date: | Thu, 7 Dec 2000 16:37:11 +0100 |
| Cc: | Timothy Shimmin <tes@xxxxxxxxxxxxxxxxxxxxxxx>, graichen@xxxxxxxxxxxxx, linux-xfs@xxxxxxxxxxx |
| In-reply-to: | <20001207093517.A5515@caldera.de>; from hch@caldera.de on Thu, Dec 07, 2000 at 09:35:17AM +0100 |
| References: | <news2mail-90gun7$srf$2@mate.bln.innominate.de> <200012070625.RAA34103@boing.melbourne.sgi.com> <20001207093517.A5515@caldera.de> |
| Sender: | owner-linux-xfs@xxxxxxxxxxx |
| User-agent: | Mutt/1.2.5i |

On Thu, Dec 07, 2000 at 09:35:17AM +0100, Christoph Hellwig wrote:
> On Thu, Dec 07, 2000 at 05:25:57PM +1100, Timothy Shimmin wrote:
> > Immutable sounds pretty much what one could achieve using the
> > standard access modes except for ROOT being disallowed to change
> > the file (without first setting the attribute).
> > OOI, how useful is this attribute ?
>
> The basic idea of immutable files is that you drop
> CAP_LINUX_IMMUTABLE for all processes, and attackers won't be able
> to modify your binaries even if they have root access.

So they just have to write to the block or raw device or directly to the
hardware (e.g. working IMMUTABLE normally implies non working x server).
Commonly accessed binaries like the ld.so can also be just modified in core.

-Andi (who does not think immutable is very useful)
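
An audit check for the point raised in this exchange, added here as an example and not code from the thread or from XFS: it reads the capability bounding set and reports whether CAP_LINUX_IMMUTABLE was dropped while raw I/O remains available. It assumes a current kernel that exposes a `CapBnd:` line in `/proc/<pid>/status`, and it takes CAP_SYS_RAWIO as the capability gating direct hardware and `/dev/mem` access; the function names, result flags and sample text are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>. */
#define CAP_LINUX_IMMUTABLE 9   /* may set/clear the immutable flag */
#define CAP_SYS_RAWIO       17  /* iopl/ioperm, /dev/mem, /dev/port (assumed relevant) */
#define IMMUTABLE_CLEARABLE 1   /* result flags; names are this example's own */
#define RAWIO_AVAILABLE     2

/* Constructed sample: CAP_LINUX_IMMUTABLE dropped, CAP_SYS_RAWIO still present. */
static const char SAMPLE[] = "Name:\tdemo\nCapBnd:\t000001fffffffdff\nCapAmb:\t0\n";

/* Extract the CapBnd hex mask from status text; -1 if the line is absent or empty. */
int parse_capbnd(const char *status, unsigned long long *mask)
{
    for (const char *p = status; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL) {
        if (strncmp(p, "CapBnd:", 7) != 0)
            continue;
        const char *v = p + 7;
        while (*v == ' ' || *v == '\t')
            v++;
        if (!isxdigit((unsigned char)*v))   /* keep strtoull off the next line */
            return -1;
        *mask = strtoull(v, NULL, 16);
        return 0;
    }
    return -1;
}

/* Report which of the two capabilities are still in the bounding set. */
int audit_mask(unsigned long long mask)
{
    int r = 0;
    if ((mask >> CAP_LINUX_IMMUTABLE) & 1) r |= IMMUTABLE_CLEARABLE;
    if ((mask >> CAP_SYS_RAWIO) & 1)       r |= RAWIO_AVAILABLE;
    return r;
}

int main(void)
{
    char buf[8192];
    unsigned long long mask;
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    if (parse_capbnd(n ? buf : SAMPLE, &mask) != 0) return 1;
    int r = audit_mask(mask);
    printf("CAP_LINUX_IMMUTABLE %s\n", r & IMMUTABLE_CLEARABLE ? "present" : "dropped");
    printf("CAP_SYS_RAWIO       %s\n", r & RAWIO_AVAILABLE ? "present" : "dropped");
    return r ? 2 : 0;
}
```

The check covers only the calling process's bounding set. Writes through block device nodes are governed by the permissions on those nodes, which this check does not examine.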