Why most run Microsoft, not RedHat
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Sun Apr 29 17:39:31 UTC 2007
Zoltan Boszormenyi wrote:
> Stuart Sears írta:
>> Which, although you may have been lucky, is not usually the most
>> sensible approach. (no offence intended)
>> A few points to consider...
>> 1. what if the rootkit is installed using rpm?
>>
>
> It wasn't, it was installed from source. The intruder
> left the source tree in place. He was a bit tricky to
> use chattr +i on /bin/login and some other progs.
> BTW, although rpm complained that it cannot replace
> those, why isn't it prepared for such scenarios?
> RPM is made for Linux, it should certainly know
> about special filesystem flags and handle them.
>
How should rpm handle it? Rpm has no way of knowing why the
immutable flag was set. I believe the proper way is to report the
problem, and let the user decide what to do about it. You could add
a flag to rpm to let it override the immutable flag, but I think
that would be a bad idea.
The way I look at it, if the immutable flag is set, then ether you
didn't want the file to be changed without you giving specific
permission by un-setting the flag, or you have other problems you
should be made aware of.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
More information about the fedora-list
mailing list