On Fri, Dec 21, 2001 at 03:28:22PM +0100, Philipp Schulte wrote:
> No, using the kernel capabilities (http://pw1.netcom.com/~spoon/lcap/)
> can give an additional layer of security. One can't simply "chattr -i"
> if the specific capability has been removed.

Note that the *BSDs have 'securelevel' settings that allow immutable to be turned on in any securelevel state, but can only be turned off in an insecure state.

As a hint, I would love to see similar support for Securelevels in the linux kernel, perhaps implemented through an LSM interface. (I've been meaning to do it myself, but .. there isn't enough time in each day. So, I offer it as a fun yet hopefully small project for those interested in kernel programming. :)

Cheers!

--
Find out why the United States jailed a Russian citizen over a lecture: http://www.anti-dmca.com/
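The quoted point, that "chattr -i" stops working once the capability is removed, can be verified on a running system. The C program below is an added example, not part of the original message or of lcap: it checks whether CAP_LINUX_IMMUTABLE is still present in a capability set. It assumes a current Linux kernel, where the bounding set is per-process and reported as CapBnd in /proc/<pid>/status; the helper name cap_in_set is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* CAP_LINUX_IMMUTABLE is capability number 9 in <linux/capability.h>. */
#define CAP_LINUX_IMMUTABLE_NR 9

/*
 * Look up a capability mask line such as "CapBnd:\t000001ffffffffff" in the
 * text of /proc/<pid>/status. Returns 1 if capability `cap` is in the set,
 * 0 if it has been removed, -1 if the field is missing or malformed.
 * (cap_in_set is a hypothetical helper name, not a libc or libcap call.)
 */
int cap_in_set(const char *status, const char *field, int cap)
{
    size_t flen = strlen(field);
    const char *p = status;

    if (cap < 0 || cap > 63)
        return -1;
    while (p && *p) {
        if (strncmp(p, field, flen) == 0 && p[flen] == ':') {
            const char *val = p + flen + 1;
            char *end;
            unsigned long long mask = strtoull(val, &end, 16);
            if (end == val)
                return -1;              /* no hex digits after the colon */
            return (int)((mask >> cap) & 1ULL);
        }
        p = strchr(p, '\n');            /* advance to the next line */
        if (p)
            p++;
    }
    return -1;
}

int main(void)
{
    static char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 2; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    buf[n] = '\0';
    fclose(f);

    int bnd = cap_in_set(buf, "CapBnd", CAP_LINUX_IMMUTABLE_NR);
    int eff = cap_in_set(buf, "CapEff", CAP_LINUX_IMMUTABLE_NR);
    printf("CAP_LINUX_IMMUTABLE bounding=%d effective=%d\n", bnd, eff);
    /* Exit 0 only when the capability is gone from the bounding set. */
    return bnd == 0 ? 0 : 1;
}
```

A bounding value of 0 means neither this process nor its children can regain the capability through exec, so the immutable flag cannot be cleared from that process tree.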
