I am new to this list, so please don't 'ping flood' me for asking this.
Has any thought been given to restricting the alteration of the immutable
flag on the ext2fs to the console. I know it is a quick fix because I have
looked at the module source. The reason I bring it up is because of
security. If someone breaks into a linux box remotely, then they would not
be able to change the immutable flag on my system files. I could therefore
set all my /bin files and /sbin files /boot/vmlinuz /etc/suff immutable
and as long as my box is not physically compromised then I should be able
to trust that all is well.
FreeBSD does it through single user mode, which I beleive is inappropriate
since you may want to make system file changes on the fly.
Is there a reason why this wouldn't be a good idea?
I though about doing it on download of new kernel, but of course, I would
have to make the change every time...
This is probably something that whoever is working on creating ACL's for
ext2fs would think about. I have a little bit of experience writing
code for applications with ACL's different environments, and would be
willing to give a hand with an ext2fs implementation of ACL's. I would
need to know who to contact though.
Joseph L. Spears, Systems Programmer I
University of Louisville
852-5038
PGP Key fingerprint = 6B 15 3B 85 A0 E0 17 23 0B F3 CB BE 29 B0 CB 97
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/