[TriLUG] purpose of immutable and append-only files?
Adrian Likins
alikins at redhat.com
Tue Oct 30 20:08:57 EST 2001
On Tue, Oct 30, 2001 at 11:51:15AM -0500, jeremyp at pobox.com wrote:
>
> Hey,
>
> I happened to read about the special file options for ext2 (and
> ext3) filesystems... the "lsattr" and "chattr" commands. It's possible to
> create immutable (read-only) and append-only files. It was said that
> immutable files would be good for never-changing config files, and
> append-only for things like log files, where you want to be sure previous
> logs can't be altered. But since the root user can change these
> attributes, what good are they from a security standpoint? How are they
> any better than standard file permissions?
>
A lot of folks mention it solely as an obscuring factor. The thought
being that "script kiddies" or the like are more likely to not catch. Can't say
I really buy that.
There may well be cases where exploits start by truncating/changing
files as a user. /tmp race condition cases come to mind, i.e., cases where
you are attempting to get root or other user to write to a symlink in
/tmp pointing to say, /etc/passwd. The user wouldn't be able to chattr
the files, and having them +i or +a might prevent root from "accidentally"
overwriting them.
That's the first case that comes to my mind, there are probably
more.
Adrian
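
As an added example (not part of the original post): a POSIX shell check that reads `lsattr`-style output and reports files lacking the `i` or `a` flag a policy expects, so that a flag cleared by root gets noticed. The policy format, the function name `audit_attrs` and the sample listing are constructed for this example.

```shell
#!/bin/sh
# Added example: compare lsattr-style output against an expected-flag policy.

# Constructed sample in the layout lsattr prints: attribute field, space, path.
SAMPLE_LSATTR='----i-------- /etc/passwd
------------- /etc/shadow
-----a------- /var/log/auth.log
------------- /var/log/messages'

# Constructed policy (an assumption of this example): "<flag> <path>",
# where flag is i (immutable) or a (append-only).
POLICY='i /etc/passwd
i /etc/shadow
a /var/log/auth.log
a /var/log/messages
i /etc/hosts'

# audit_attrs POLICY LSATTR_OUTPUT
# Prints "MISSING <flag> <path>" when the expected flag is not set and
# "UNKNOWN <path>" when the path does not appear in the listing at all.
audit_attrs() {
    printf '%s\n' "$1" | while read -r want path; do
        [ -n "$path" ] || continue
        # Look up the attribute field for this exact path (paths may contain spaces).
        attrs=$(printf '%s\n' "$2" | awk -v p="$path" '
            { f = $1; sub(/^[^ ]+ +/, ""); if ($0 == p) { print f; exit } }')
        if [ -z "$attrs" ]; then
            echo "UNKNOWN $path"
        else
            case $attrs in
                *"$want"*) ;;                      # flag present, nothing to report
                *) echo "MISSING $want $path" ;;
            esac
        fi
    done
}

audit_attrs "$POLICY" "$SAMPLE_LSATTR"
```

On a live system, pass the output of `lsattr` for the files named in the policy as the second argument instead of the sample.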