Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: user flags in public temp space (was Re: chflags() [heads up])

From: jbratton () USA NET (Jason Bratton)
Date: Thu, 5 Aug 1999 21:46:26 -0500

Why don't we just allow root to override immutable files so long as they
were not set immutable by root?  This would allow root to safely trojan
proof its binaries while eliminating any race conditions that would
exist if we had to chflag first before accessing.

Brett Lymn wrote:


According to Strange:


c) Make root automatically override user-set flags (possibly will
create other complications for user-land programs relying on root
passing over such files).



Ugh no - this would be a major lose as the idea of the flags was in
part to make files immutable at certain security levels such that
_even_root_ could not modify them.  The idea being you could trojan
proof your binaries by making them immutable (don't forget the
directories themselves, kiddies).  If you allow root to stomp an
immutable file then you lose part of the value of chflags.


--
Jason Bratton      As I walk through the valley of the shadow of doubt,
jbratton () usa net     I shall fear no other OS, for Linux art with me.
Previous By Date Next
Previous By Thread Next

Current thread: