Re: Why Ext2/3 needs immutable attribute?

From: Xin Zhao
Date: Sun Apr 17 2005 - 11:13:48 EST


Thanks for your reply.

Yes. I know, with immutable, even root cannot modify sensitive
files. What I am curious is if an intruder has root access, he may
have many ways to turn off the immutable protection and modify files.
So immutable is designed just to prevent a valid root from making
silly mistakes?

Xin


On 4/17/05, Willy Tarreau <willy@xxxxxxxxx> wrote:
> On Sun, Apr 17, 2005 at 11:54:34AM -0400, Xin Zhao wrote:
> > Why not simply unset the write bit for all three groups of users?
> > That seems to be enough to prevent file modification.
> >
> > Immutable seems to only add one more protection level in case of
> > misconfiguration on standard access right bits. Is that right?
>
> With immutable, even root cannot modify the file accidentely. It is
> very useful for critical configuration files.
>
> Willy
>
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/