Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: user flags in public temp space (was Re: chflags() [heads up])

From: blymn () BAEA COM AU (Brett Lymn)
Date: Thu, 5 Aug 1999 16:56:51 +0930

According to Strange:


c) Make root automatically override user-set flags (possibly will
create other complications for user-land programs relying on root
passing over such files).



Ugh no - this would be a major lose as the idea of the flags was in
part to make files immutable at certain security levels such that
_even_root_ could not modify them.  The idea being you could trojan
proof your binaries by making them immutable (don't forget the
directories themselves, kiddies).  If you allow root to stomp an
immutable file then you lose part of the value of chflags.

Then again you could just rig the system to check your binaries
against an md5 signature before running them which stops the trojans :-)

--
===============================================================================
Brett Lymn, Computer Systems Administrator, British Aerospace Australia
===============================================================================
Previous By Date Next
Previous By Thread Next

Current thread: