On Tue, 3 Dec 2002, vuln-dev wrote:
> This is a very straightforward answer. (too much work to do heh)
> you can make a module that loads up during boot sequence that can remove
> immutable flags etc. and it will make chattr useless... (extract the
> symbol addresses for the FS)

what about preventing a root cracker's loadable module that re-enables or
bypasses checks to the immutable bit?  the cracker can then delete
any file without even using chattr.  you'd also need to protect against
this type of attack. many folks have done this: LIDS, GRsecurity, etc...

pong

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph