immutable bit
John Summerfied
debian at herakles.homelinux.org
Wed Nov 30 02:42:52 UTC 2005
Deron Meranda wrote:
> On 11/29/05, James Wilkinson <fedora at westexe.demon.co.uk> wrote:
>
>>preeti malakar wrote:
>>
>>>Why is the immutable bit of all system binaries viz files in /sbin, /bin, /usr
>>>not set, so that none can change or delete them?
>>
>>As Paul said, that would stop yum and rpm from upgrading those programs
>>(say if the immutable binary has a security bug).
>
>
> Also that would cause the prelink cronjob to fail...since it does
> intentionally modify files.
>
> There's nothing of course to keep you from setting the immutable
> bit. And if you're building a super hardened system perhaps you

If you're that paranoid, a ro filesystem's hard to beat.

--
Cheers
John
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list