> > - The flag can be set by any user
Let me clarify this: ...on his files.
> > - The owner may not change
> > - The file can not be read
>
> Wait, so any user can cause any file on the system to become
> unreadable? I suspect the script kiddies would have fun with setting
> that flag on root-owned files. Even if the owner can unset the flag,
> you could disrupt a lot of things by causing various files to be
> temporarily unreadable.
Good point, but they can have almost as much fun doing chmod 000
/etc/passwd. :-)
I think you cannot secure your system against being brought down and
important parts deleted. This is what backups are for. The whole purpose
of this flag would be to protect my private data from being read, not to
free me from the obligation to keep backups.
An idea would be to allow setting this flag only on files that are truly
executable in the way that the kernel recognizes them, but...no. :-)
Simon
PGP public key available from ftp://phobos.fs.tum.de/pub/pgp/geier.asc
Fingerprint: 10 62 F6 F5 C0 5D 9E D8 47 05 1B 8A 22 E5 4E C1
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/