Why don't we just allow root to override immutable files so long as they were not set immutable by root? This would allow root to safely trojan proof its binaries while eliminating any race conditions that would exist if we had to chflag first before accessing. Brett Lymn wrote: > > According to Strange: > > > >c) Make root automatically override user-set flags (possibly will > >create other complications for user-land programs relying on root > >passing over such files). > > > > Ugh no - this would be a major lose as the idea of the flags was in > part to make files immutable at certain security levels such that > _even_root_ could not modify them. The idea being you could trojan > proof your binaries by making them immutable (don't forget the > directories themselves, kiddies). If you allow root to stomp an > immutable file then you lose part of the value of chflags. -- Jason Bratton As I walk through the valley of the shadow of doubt, jbrattonat_private I shall fear no other OS, for Linux art with me.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:13 PDT