Firewall Wizards mailing list archives

Re: More Syslog Questions


From: Brian Hatch <bri () ifokr org>
Date: Mon, 19 Jul 2004 16:25:40 -0700



> > On Linux, the chattr command on ext2/3 filesystems is useful. From man
> > chattr
> >       A file with the `a' attribute set  can  only  be  open  in
> >       append  mode for writing.  Only the superuser or a process
> >       possessing the CAP_LINUX_IMMUTABLE capability can  set  or
> >       clear this attribute.
> 
> Is this Linux specific, or did the BSD guys change this, too? The original
> idea of immutable files was that they were, uh, um, immutable. Making
> them "immutable except by root" is stupid - that's the same as saying
> chown root file && chmod 700 file

They're immutable, even by root.  However, root can remove the
immutable bit.  i.e.

  chattr +i /path/to/file            # sets the immutable bit
  echo something >>/path/to/file     # fails - file is immutable
  
  chattr -i /path/to/file            # clears it (needs CAP_LINUX_IMMUTABLE)
  echo something >>/path/to/file     # works - file no longer immutable.

  # For a log that must keep growing, use the append-only bit instead:
  chattr +a /path/to/file
  echo something >>/path/to/file     # works - append-mode open is allowed
  echo something >/path/to/file      # fails - truncating/overwriting is not

To keep root from re-running the chattr command, you need to have
CAP_LINUX_IMMUTABLE unavailable, either by removing it from the
capability bounding set, or using a Linux security patch that does
the same thing effectively.  (SELinux, Lids, GrSecurity, etc.)

-- 
Brian Hatch                  "Well, you know how I feel about telepaths.
   Systems and               "Do I ever. You threw one out of a third
   Security Engineer          story window on Io."
http://www.ifokr.org/bri/    "There was an ample pool below the window."
                             "Alas, I assume you knew that."
Every message PGP signed
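As an added example (not from this thread), a small POSIX shell audit that reports log files lacking the append-only or immutable bit, as shown by `lsattr`, and whether CAP_LINUX_IMMUTABLE (capability number 9) is still in the calling shell's bounding set, read from the CapBnd line of /proc/self/status. The `lsattr` line in the comments is constructed; the live check assumes Linux with e2fsprogs installed.

```shell
#!/bin/sh
# Added example: audit log files for the append-only/immutable bits and check
# whether this process could clear them anyway (CAP_LINUX_IMMUTABLE in CapBnd).

# classify_attr_line LINE -- LINE is one line of `lsattr` output, for example
# the constructed "-----a--------e------- /var/log/messages".
# Prints "immutable", "append-only" or "writable" followed by the path.
classify_attr_line() {
    flags=${1%% *}      # attribute field before the first space
    path=${1#* }        # everything after it (paths may contain spaces)
    case $flags in
        *i*) printf 'immutable %s\n' "$path" ;;
        *a*) printf 'append-only %s\n' "$path" ;;
        *)   printf 'writable %s\n' "$path" ;;
    esac
}

# cap_in_mask HEXMASK CAPNUM -- HEXMASK is a CapBnd/CapEff value as printed in
# /proc/<pid>/status (e.g. "000001ffffffffff"); prints "yes" if bit CAPNUM is set.
cap_in_mask() {
    if [ $(( 0x$1 >> $2 & 1 )) -eq 1 ]; then echo yes; else echo no; fi
}

CAP_LINUX_IMMUTABLE=9

# audit_logs FILE... -- live check: warn about files with neither bit, then
# report whether the bounding set still allows this shell to clear the bits.
audit_logs() {
    lsattr -d "$@" 2>/dev/null | while IFS= read -r line; do
        case $(classify_attr_line "$line") in
            writable*) echo "WARN: ${line#* } has no append-only/immutable bit" ;;
        esac
    done
    bnd=$(awk '/^CapBnd:/ {print $2}' /proc/self/status)
    echo "CAP_LINUX_IMMUTABLE in bounding set: $(cap_in_mask "$bnd" $CAP_LINUX_IMMUTABLE)"
}
```

Run as `audit_logs /var/log/messages /var/log/secure`; a "yes" on the last line means a root process here could still `chattr -a` the files, which is the case the message above says needs the capability removed from the bounding set.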