
immutable bit? (linux related)



hi everybody,

I have a question.

Thinking about security, one of the major fears is of some user gaining root access to a system, either remotely or locally.

Yesterday I came across these commands called chattr and lsattr, which apply to ext2 filesystems. I learnt that there is this bit which they called the immutable bit, which can be set or unset using the chattr command. Now, according to the man pages, a file whose immutable bit is set can be read but cannot be written, renamed, or deleted; however, it can be copied.

What if we set the immutable bit for /etc/passwd and /etc/shadow? Both the files would become read-only completely, so there exists no scope of someone changing his UID to 0 or gaining root access for that matter.

Well, please consider that I am new to Linux security and I am learning fast, and these are just some wild ideas I keep getting. They may even be stupid sometimes. However, it's fun to share them with the (linux users group) guys and get their opinions, so please comment on this.

Thank you,
Harshal Vaidya.
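
An added example, not part of the original post: a small shell audit that reads `lsattr` output and reports which watched files do not carry the immutable (`i`) flag discussed above. The sample `lsattr` lines are constructed, and the function names (`sample_lsattr`, `list_immutable`, `missing_immutable`) are hypothetical.

```shell
#!/bin/sh
# Audit which files carry the ext2/3/4 immutable flag, from `lsattr` output.
# lsattr prints one "<flags> <path>" line per file; 'i' in the flag field
# means immutable. Uppercase 'I' is a different flag (indexed directory).

# Constructed sample of lsattr output (not captured from a real host).
sample_lsattr() {
    cat <<'EOF'
----i---------e------- /etc/passwd
--------------e------- /etc/shadow
-----a--------e------- /var/log/auth.log
-----------I--e------- /etc
EOF
}

# list_immutable: read lsattr lines on stdin, print paths flagged 'i'.
list_immutable() {
    while read -r flags path; do
        [ -n "$path" ] || continue          # skip blank or malformed lines
        case "$flags" in
            *i*) printf '%s\n' "$path" ;;   # case-sensitive: 'I' does not match
        esac
    done
}

# missing_immutable FILE...: read lsattr lines on stdin, print each named
# FILE that is absent from the output or not flagged immutable.
missing_immutable() {
    immutable=$(list_immutable)
    for f in "$@"; do
        printf '%s\n' "$immutable" | grep -Fxq -- "$f" || printf '%s\n' "$f"
    done
}

# Demo on the constructed sample; prints /etc/shadow.
sample_lsattr | missing_immutable /etc/passwd /etc/shadow

# On a real system (setting or clearing the flag needs root):
#   chattr +i /etc/passwd /etc/shadow
#   lsattr /etc/passwd /etc/shadow | missing_immutable /etc/passwd /etc/shadow
```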

	