Re: immutable bit

James Wilkinson wrote:
preeti malakar wrote:

Why is the immutable bit of all system binaries viz files in /sbin, /bin, /usr
not set, so that none can change or delete them?

As you can see, chattr /bin/login will give
------------- /bin/login


As Paul said, that would stop yum and rpm from upgrading those programs
(say if the immutable binary has a security bug).

Most of them are owned by root: other users can't change them anyway,
due to file permissions. And root has the ability to remove the
immutable bit.

Yes, yum could be modified to automatically unset the immutable bit,
upgrade, and then re-set it. But there's an implicit understanding that
normal programs *won't* play with the immutable bit (it's not there on
all filesystems, and I understand Posix[1] doesn't specify it.[2])

In any case, having yum or rpm fiddle with the immutable bit prevents
the sysadmin from saying "I know what I'm doing: RPM replaces this file
on upgrade, and I Want It Staying Just As *I* Edited It, ----it!"

A couple of times I've felt the urge to do that. Something was breaking /etc/resolve.conf and I couldn't discover what. chattr fixed that one.

Recently, on my WBEL server box something has been insistent that it absolutely _knows_ CUPS should only listen on 127.0.0.1. I think I've removed the offender, but chattr would certainly help there too.

Other than that, I guess it would be pretty handy in a root kit :-)
-- 
Cheers
John

-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxxxxxxxxx  Z1aaaaaaa@xxxxxxxxxxxxxxxxxxxxxxx
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

do not reply off-list
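Added example, not from the thread or any of the posters: a small POSIX sh audit that reads lsattr(1)-style output (the "------------- /bin/login" layout shown above) and reports which files carry the immutable or append-only attribute. Files that show up here are exactly the ones that will make yum/rpm fail on upgrade until chattr -i, and an unexpected entry is worth investigating for the reason John gives. The sample input and the paths in it are constructed; on a real box you would feed it the output of lsattr -R.

```shell
#!/bin/sh
# Added example, not part of the mailing-list thread. Audits lsattr-style
# output for the immutable ('i') and append-only ('a') attributes. The
# attribute string is the first whitespace-separated field; the old-style
# 13-character layout from the thread and longer modern e2fsprogs strings
# are both handled because only the letters present are inspected.

# Constructed sample in lsattr's "<attrs> <path>" format (not real output).
SAMPLE_LSATTR='------------- /bin/login
----i-------- /etc/resolv.conf
-----a------- /var/log/secure
----ia------- /usr/sbin/sshd
------------- /etc/hosts'

# Exit 0 if the given lsattr line has the immutable attribute set, 1 otherwise.
lsattr_is_immutable() {
    case "${1%% *}" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Read lsattr lines on stdin; print "<path> <attribute names>" for every file
# that is immutable or append-only. Blank lines and the "/dir:" headers that
# lsattr -R prints (first field is not a pure attribute string) are skipped.
audit_lsattr() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        case "$line" in *" "*) ;; *) continue ;; esac
        attrs=${line%% *}
        path=${line#* }
        case "$attrs" in *[!-a-zA-Z]*) continue ;; esac
        names=""
        case "$attrs" in *i*) names="${names}immutable," ;; esac
        case "$attrs" in *a*) names="${names}append-only," ;; esac
        if [ -n "$names" ]; then
            printf '%s %s\n' "$path" "${names%,}"
        fi
    done
    return 0
}

# Run the audit over the constructed sample. On a live system the equivalent
# would be:  lsattr -R /etc /bin /sbin /usr 2>/dev/null | audit_lsattr
audit_sample() {
    printf '%s\n' "$SAMPLE_LSATTR" | audit_lsattr
}

audit_sample
```

Keeping the output of an audit like this from a known-good state and diffing it after each package run is a cheap way to notice both an upgrade that silently skipped a locked file and a lock that nobody on the team remembers setting.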
