Re: immutable flag on ext2fs

Mike A. Harris (mharris@meteng.on.ca)
Mon, 21 Jun 1999 19:15:33 -0400 (EDT)


On Mon, 21 Jun 1999, Joseph L. Spears wrote:

>This is a wishlist item, I know, but it is not listed on the wishlist
>page:
>
>I am new to this list, so please don't 'ping flood' me for asking this.
>
>Has any thought been given to restricting the alteration of the immutable
>flag on the ext2fs to the console.

I'm assuming that you mean this as an _OPTION_ that is _OFF_ by
default.

>I know it is a quick fix because I have looked at the module
>source. The reason I bring it up is because of security. If
>someone breaks into a linux box remotely, then they would not
>be able to change the immutable flag on my system files.

I am willing to wager that they could easily spoof their ttypX as
a tty anyways with little effort. Either that or some LD_PRELOAD
trickery.

>I could therefore set all my /bin files and /sbin files
>/boot/vmlinuz /etc/suff immutable and as long as my box is not
>physically compromised then I should be able to trust that all
>is well.

If your machine has been compromised, immutable files are not
going to stop someone from changing things. As root, one may
manually edit the filesystem with debugfs, etc... making
chattr only work on local tty's wouldn't prevent someone from
uploading their own binary. Making the kernel do it, wouldn't
stop someone from uploading their own kernel module, etc...

IMHO there is no safe way that this can be done. I believe it to
be security through obscurity, and I can't see Linus, or anyone
else taking it very seriously.

>FreeBSD does it through single user mode, which I believe is inappropriate
>since you may want to make system file changes on the fly.

Single user mode doesn't have networking up, so there should only
be local consoles to begin with. Or is FreeBSD's single user
mode different? Granted, one can edit the initscripts to do
whatever, but I can't see it making a machine more secure. Spend
the time putting up a proper firewall, and using "good" security
techniques instead. Security through obscurity is none at all.


>I thought about doing it on download of new kernel, but of course, I would
>have to make the change every time...

I'll wager there is a way from userland to hack through it as
the root user. If someone compromises root, you're screwed no
matter what.

dd if=/dev/zero of=/dev/<your root partition>

debugfs /dev/<your root partition>

Or a nice homemade raw sector editor....

--
Mike A. Harris                   Linux advocate      GNU advocate
Computer Consultant                          Open Source advocate  

Tea, Earl Grey, Hot...
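
Added example, not part of the original message: a defender-side audit that parses `lsattr` output and reports files expected to be immutable whose `i` flag is no longer set or whose flags could not be read. The sample output, the baseline list and the function names are constructed for illustration; as the message argues, root can bypass the flag through the raw device, so this only reveals changes to the flag itself.

```python
# Constructed sample of `lsattr` output (not from a real host).
SAMPLE_LSATTR = """\
----i---------e------- /bin/ls
--------------e------- /bin/login
----ia--------e------- /sbin/init
lsattr: Operation not supported While reading flags on /boot/vmlinuz
"""

# Hypothetical baseline: files the administrator marked with `chattr +i`.
EXPECTED_IMMUTABLE = ["/bin/ls", "/bin/login", "/sbin/init", "/boot/vmlinuz"]


def parse_lsattr(text):
    """Return ({path: flags}, [lines that are not 'flags path' records])."""
    flags, unparsed = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        field, _, path = line.partition(" ")
        # A flags field holds only attribute letters and '-' placeholders.
        # Assumption: the audit is run on absolute paths.
        is_flags = all(c == "-" or c.isalpha() for c in field)
        if is_flags and path.startswith("/"):
            flags[path] = field.replace("-", "")
        else:
            unparsed.append(line)
    return flags, unparsed


def audit_immutable(expected, lsattr_text):
    """Compare the baseline with what lsattr reported."""
    flags, unparsed = parse_lsattr(lsattr_text)
    return {
        # Reported, but the 'i' attribute is no longer set.
        "flag_cleared": sorted(p for p in expected if p in flags and "i" not in flags[p]),
        # Never reported (missing file, read error, unsupported filesystem).
        "not_reported": sorted(p for p in expected if p not in flags),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in audit_immutable(EXPECTED_IMMUTABLE, SAMPLE_LSATTR).items():
        print(key, value)
```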
