This is already done by using fs/elf/process capabilities. You can
restrict changing immutable flags either by removing the CAP_LINUX_IMMUTABLE
capability and giving it only to console-owned processes, or by using ELF
headers or a filesystem capability storing mechanism... Also, when the
kernel has securebits SECURE_NOROOT increased (securelevel >0 on 2.0
kernels), nobody can change immutable flags. I've been porting my system
to a non-root environment and I could run non-suid programs in a non-root
environment that require certain privileges - raw net interfaces,
overriding access lists etc., and it is a possibility to see a full non-root
system in the future :-) Now it is easier with 2.0 kernels, as programs still
are not fully supporting Linux capabilities. So, if you are using it, just
increase securelevel... good luck!
With respect,
Domas Mituzas
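
One way to audit the setup described in the message above, added here as an example and not code from the original post: it reads the CapEff and CapBnd masks from /proc/<pid>/status text and reports whether CAP_LINUX_IMMUTABLE has been removed. It assumes a current kernel that exposes those fields; the function names and the sample status text are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit number of CAP_LINUX_IMMUTABLE in <linux/capability.h>. */
#define IMMUTABLE_BIT 9

/* Constructed sample: a daemon with CAP_LINUX_IMMUTABLE removed everywhere. */
const char SAMPLE_HARDENED[] =
    "Name:\tdaemon\nCapEff:\t000001fffffffdff\nCapBnd:\t000001fffffffdff\n";

/* Read the hex mask of `field` from status text; 0 on success, -1 if absent. */
int cap_mask(const char *status, const char *field, unsigned long long *out)
{
    size_t n = strlen(field);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            char *end;
            *out = strtoull(p + n + 1, &end, 16);
            return end == p + n + 1 ? -1 : 0;   /* no hex digits found */
        }
        p = strchr(p, '\n');                    /* advance to next line */
        if (p) p++;
    }
    return -1;
}

/* 1: process may change immutable flags now (bit set in CapEff);
 * 2: not now, but the bit is still in the bounding set, so it can be
 *    acquired through execve; 0: removed from both; -1: parse error. */
int immutable_exposure(const char *status)
{
    unsigned long long eff, bnd, bit = 1ULL << IMMUTABLE_BIT;
    if (cap_mask(status, "CapEff", &eff) || cap_mask(status, "CapBnd", &bnd))
        return -1;
    return (eff & bit) ? 1 : (bnd & bit) ? 2 : 0;
}

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    printf("sample=%d self=%d\n", immutable_exposure(SAMPLE_HARDENED),
           immutable_exposure(buf));
    return 0;
}
```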