RE: Future Linux devel. Kernels

From: Linda Walsh (
Date: Wed May 10 2000 - 14:15:52 EST

> From: Igmar Palsenberg []
> > > You still need to kill the old one..
> > ---
> > Right now, if you have root, even w/o raw-io and ability to change
> > cap-immutable, a killall -9 syslogd klogd usually does the trick.
> You could make klogd immutable.. But that's nt always wanted behaviour.

	Immutable is an option on the ext2 filesytem.  AFAIK, it isn't a
process attribute.  Making the file immutable doesn't prevent one from
killing the process and starting a new one from the newly mounted file
system.  Another thing -- You also have to make /usr, /usr/bin and /usr/sbin
immutable.  Otherwise, I mount my badstuff in /tmp/mnt.  Perform
a tar copy of the /usr/bin and /usr/sbin dirs to /usr/newbin and /usr/newsbin.
/bin/mv /usr/bin /usr/oldbin; /bin/mv /usr/newbin /usr/bin; rm -rf /usr/oldbin
Now oldbin contains only the immutable files -- mov that dir to
/usr/insignificant-place/ w/filename '...'.  Now I have an exact copy
of /usr/bin locally, I copy my replacements from /tmp/mnt and restart the

Of course making /usr and /usr/bin and /usr/sbin immutable might provide some hindrance if you want to install a software package, but hey -- I'm sure user's won't mind being kicked off when a software patch comes in (a very rare occurance, of course... ;-)).

This is why 'MAC' is sooo sexy. With one feature you severely limit damage. Note that networking also comes in 2 flavors -- untrusted and trusted -- something like sshd might be suitable for an 'su to root', but rsh,rlogin/telnet may not be. Or those protocols may only be trusted in when coming in on a VPN with appropriate ssh-like-key based authentications that trusted computers use to talk to each other.


- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to Please read the FAQ at

This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:16 EST