Re: Why most run Microsoft, not RedHat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Mikkel L. Ellertson írta:
Zoltan Boszormenyi wrote:
Stuart Sears írta:
Which, although you may have been lucky, is not usually the most
sensible approach. (no offence intended)
  A few points to consider...
1. what if the rootkit is installed using rpm?
It wasn't, it was installed from source. The intruder
left the source tree in place. He was a bit tricky to
use chattr +i on /bin/login and some other progs.
BTW, although rpm complained that it cannot replace
those, why isn't it prepared for such scenarios?
RPM is made for Linux, it should certainly know
about special filesystem flags and handle them.

How should rpm handle it? Rpm has no way of knowing why the


1. be able to specify special flags in the specfile and apply them upon install 2. detect if the filesystem doesn't handle such specials and make note of it in the rpmdb
3. clear them before uninstalling or upgrading
4. detect if it was modified, report it with rpmv
    (skip this check if the rpmdb indicates it, see 2)

At least ext2/3/4 and xfs has such special flags, make use of them.

immutable flag was set. I believe the proper way is to report the
problem, and let the user decide what to do about it. You could add
a flag to rpm to let it override the immutable flag, but I think
that would be a bad idea.

The way I look at it, if the immutable flag is set, then ether you
didn't want the file to be changed without you giving specific
permission by un-setting the flag, or you have other problems you
should be made aware of.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux