I had to think about this one for a bit, but I may have the repudiation of
this claim. It's possible to set up a Linux system so that it runs from a
CDROM. Coyote and freesco are two examples of this sort of thing. In such a
case, not even root would be able to change things (assuming, of course,
that it's not a rewritable CD in a rewriter. Duh). Try that with NT.

I *suppose* that one could have a bootable floppy that would reimage a hard
drive from an image on the cdrom...?

> -----Original Message-----
> From: Bernie Cosell [mailto:bernieat_private]
> Sent: Saturday, 16 March 2002 7:02 a.m.
> To: Log Analysis Mailing List
> Subject: Re: [logs] immutable bit
>
> On 15 Mar 2002, at 11:22, Sweth Chandramouli wrote:
>
> > Also, what are people's takes on using these mechanisms
> > on log files? I tend to set append-only on them, although that requires
> > some mild kludgery to twiddle the attr before/after log rotation; I don't
> > know that it provides much extra security, however, given that the files
> > are already owned by root, and thus anyone who could tamper with them
> > could also turn off the append-only attr.
>
> This is, of course, the security Achilles' heel of Unix -- that it has
> "one bit" security: either your root is safe [and then minimal security
> provisions are fine], or you're root-compromised [and then virtually
> NOTHING will save you]. Mostly I agree: make the files 600/root and be
> done with it.
>
> /Bernie\
>
> --
> Bernie Cosell                     Fantasy Farm Fibers
> mailto:bernieat_private           Pearisburg, VA
>     -->  Too many people, too few sheep  <--
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> For additional commands, e-mail: loganalysis-helpat_private
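The "twiddle the attr before/after log rotation" step Sweth describes, and a way to audit which logs actually carry the append-only bit, as an added example that is not code from this thread or from any of its participants. It assumes Linux with the e2fsprogs lsattr/chattr tools on an ext-family filesystem; the lsattr output and the policy list of required append-only logs are constructed for the demonstration, and the function names are my own. Bernie's "one bit" point applies unchanged: whoever can run chattr -a (anyone with CAP_LINUX_IMMUTABLE, i.e. root) can also undo it, so the audit only catches tampering by non-root processes or by an intruder who did not bother to clear the flag.

```python
"""Audit the ext2/3/4 append-only ('a') and immutable ('i') attributes on log
files by parsing `lsattr` output, and rotate an append-only log the way the
thread describes (clear the attribute, rotate, recreate, set it again).

Added example, not code from the mailing-list thread.  Assumes Linux with
e2fsprogs' lsattr/chattr on an ext-family filesystem.  The sample lsattr
output and the policy list below are constructed for this demonstration.
"""
import os
import subprocess
from typing import Dict, List, Tuple

# Constructed sample of `lsattr /var/log/*` output: flag field, a space, the
# path.  Only the letters matter; the column layout varies between versions.
SAMPLE_LSATTR = """\
-----a--------e----- /var/log/auth.log
----i---------e----- /var/log/wtmp
--------------e----- /var/log/syslog
"""

# Hypothetical site policy: these logs must be append-only.
REQUIRED_APPEND_ONLY = ["/var/log/auth.log", "/var/log/syslog", "/var/log/secure"]


def parse_lsattr(output: str) -> List[Tuple[str, str]]:
    """Return (path, flags) pairs from lsattr output, skipping blank lines."""
    entries = []
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        # The flag field comes first; paths may contain spaces, so split once.
        flags, path = line.split(None, 1)
        entries.append((path, flags))
    return entries


def classify(flags: str) -> str:
    """Map an lsattr flag string to the protection it actually provides."""
    if "i" in flags:
        return "immutable"      # no writes, truncation, rename or unlink at all
    if "a" in flags:
        return "append-only"    # O_APPEND writes allowed; truncate/unlink refused
    return "mutable"


def check_logs(output: str, required: List[str]) -> Dict[str, str]:
    """For each required log report 'ok' (append-only), its weaker state
    ('immutable' would break the logger, 'mutable' means no protection), or
    'not listed' when lsattr did not report it at all."""
    seen = {path: classify(flags) for path, flags in parse_lsattr(output)}
    result = {}
    for path in required:
        state = seen.get(path, "not listed")
        result[path] = "ok" if state == "append-only" else state
    return result


def check_logs_on_host(required: List[str]) -> Dict[str, str]:
    """Same check against the live system (needs lsattr; read-only, no root)."""
    proc = subprocess.run(["lsattr"] + required, capture_output=True, text=True)
    return check_logs(proc.stdout, required)


def rotate_append_only(path: str, suffix: str = ".1") -> None:
    """Rotate an append-only log.  chattr needs CAP_LINUX_IMMUTABLE, which is
    exactly the thread's point: whoever can run this can also undo it.
    The logger keeps writing to the old inode until it is told to reopen
    (e.g. SIGHUP to syslogd), so the caller must signal it afterwards."""
    subprocess.run(["chattr", "-a", path], check=True)
    try:
        os.rename(path, path + suffix)
        # Recreate the live file 0600 root before anything can write to it.
        os.close(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600))
        # Freeze the rotated copy completely; it should never change again.
        subprocess.run(["chattr", "+i", path + suffix], check=True)
    finally:
        # Whether or not the rename succeeded, `path` exists and must be
        # append-only again when we leave.
        subprocess.run(["chattr", "+a", path], check=True)


if __name__ == "__main__":
    for log, state in check_logs(SAMPLE_LSATTR, REQUIRED_APPEND_ONLY).items():
        print(f"{log}: {state}")
```

Run as root on a real host, check_logs_on_host(REQUIRED_APPEND_ONLY) gives the same report for the live filesystem, and rotate_append_only("/var/log/auth.log") followed by a HUP to the logger is the "kludgery" described above in one call. With the constructed sample, auth.log passes, syslog is reported as mutable and secure as not listed.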
This archive was generated by hypermail 2b30 : Mon Mar 18 2002 - 22:22:54 PST