On Thu, Mar 13, 2003 at 10:22:19PM +1100, Frederic Schutz wrote: > Does it answer your questions or did I miss a real loophole in the > strategy that I described ?
If an attacker gets root and loads a kernel module, that module could restore the immutable capability. You'd have to disable loadable modules for that to be bulletproof. (unless the commonly used rootkits already do this, it would slow down an attacker and cause them to make more noise.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BC -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
