RE: Future Linux devel. Kernels

From: Linda Walsh (law@sgi.com)
Date: Wed May 10 2000 - 14:15:52 EST


> From: Igmar Palsenberg [mailto:maillist@chello.nl]
>
> > > You still need to kill the old one..
> > ---
> > Right now, if you have root, even w/o raw-io and ability to change
> > cap-immutable, a killall -9 syslogd klogd usually does the trick.
>
> You could make klogd immutable.. But that's not always wanted behaviour.

---
	Immutable is an option on the ext2 filesystem.  AFAIK, it isn't a
process attribute.  Making the file immutable doesn't prevent one from
killing the process and starting a new one from the newly mounted file
system.  Another thing -- You also have to make /usr, /usr/bin and /usr/sbin
immutable.  Otherwise, I mount my badstuff in /tmp/mnt.  Perform
a tar copy of the /usr/bin and /usr/sbin dirs to /usr/newbin and /usr/newsbin.
/bin/mv /usr/bin /usr/oldbin; /bin/mv /usr/newbin /usr/bin; rm -rf /usr/oldbin
Now oldbin contains only the immutable files -- move that dir to
/usr/insignificant-place/ w/filename '...'.  Now I have an exact copy
of /usr/bin locally, I copy my replacements from /tmp/mnt and restart the
daemons.

Of course making /usr and /usr/bin and /usr/sbin immutable might provide some hindrance if you want to install a software package, but hey -- I'm sure users won't mind being kicked off when a software patch comes in (a very rare occurrence, of course... ;-)).

This is why 'MAC' is sooo sexy. With one feature you severely limit damage. Note that networking also comes in 2 flavors -- untrusted and trusted -- something like sshd might be suitable for an 'su to root', but rsh,rlogin/telnet may not be. Or those protocols may only be trusted when coming in on a VPN with appropriate ssh-like-key based authentications that trusted computers use to talk to each other.

-l
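The point Linda makes above is that `+i` on a binary is only as strong as the directories above it. As an added defender-side check (not code from the thread), the following walks every path component of a daemon binary over `lsattr -d` style output and reports the components that lack the immutable bit; the sample output is constructed, not captured from a real host.

```python
"""Report which components of a binary's path lack the ext2 immutable
('i') attribute, parsed from `lsattr -d`-style output."""
import posixpath

# Constructed sample (not from a real system): `lsattr -d` run on each
# path component of /usr/sbin/klogd.  Only the binary itself carries +i,
# so the parent directories can still be renamed or replaced wholesale.
SAMPLE_LSATTR = """\
-------------------- /
-------------------- /usr
-------------------- /usr/sbin
----i--------------- /usr/sbin/klogd
"""


def parse_lsattr(text):
    """Map each listed path to the set of attribute letters lsattr printed."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        flags, path = line.split(None, 1)
        attrs[path] = {c for c in flags if c != "-"}
    return attrs


def ancestors(path):
    """Yield the path itself, then each directory above it, root last."""
    while True:
        yield path
        parent = posixpath.dirname(path)
        if parent == path:
            return
        path = parent


def unprotected_components(binary, attrs):
    """Path components without +i: each is a place where a rename/replace
    would defeat the immutable flag set on the binary itself."""
    return [p for p in ancestors(binary) if "i" not in attrs.get(p, set())]


if __name__ == "__main__":
    weak = unprotected_components("/usr/sbin/klogd", parse_lsattr(SAMPLE_LSATTR))
    for component in weak:
        print(f"not immutable: {component}")
```

On a live host the same check is fed by `lsattr -d` on each component; a result containing any directory means the file-level `+i` alone does not stop the directory-swap described above.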

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:16 EST