[1079] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: System log practicalities (was Re: [linux-security] qmail,wu.ftpd,deslogind, in.telnetsnoopd ?)

daemon@ATHENA.MIT.EDU (Stefan `Sec` Zehl)
Mon Aug 26 07:29:58 1996

From: Stefan `Sec` Zehl <zehl@informatik.tu-muenchen.de>
To: Andries.Brouwer@cwi.nl
Date: 	Sun, 25 Aug 1996 23:45:20 +0200 (MESZ)
Cc: JLarmour@origin-at.co.uk, brian@saturn.net, fparato@gti.net,
        linux-security@tarsier.cv.nrao.edu, louis@sacc.org.za,
        proberts@clark.net
In-Reply-To: <9608221510.AA04347=aeb-RESENT@zeus-184.cwi.nl> from "Andries.Brouwer@cwi.nl" at Aug 22, 96 05:10:55 pm

Andries.Brouwer@cwi.nl wrote:
> 
>     [REW: Just some source browsing found:
>         /*
>          * The IMMUTABLE and APPEND_ONLY flags can only be changed by
>          * the super user when the security level is zero.
>          */
>     so it should in principle be secure.]
> 
> Optimist.
> Root can do anything she wants, also change kernel memory.
> 
Don't know what it is with linux, but in securelevel>0 /dev/kmem
would not be writable not even by root ...


[REW: Agreed. However, some more source browsing revealed that e2fs
is the only read-access to the securelevel variable. In short securelevel
support is being started, but ABSOLUTELY NOT FINISHED!]

CU,
	Sec
-- 
Email: sec@leo.org                           WWW: http://www.blafasel.de/~sec/
   Phone: 089/3618013 or 0177/2340515                IRC: Sec @ #blafasel
                              FreeBSD RoX!

home help back first fref pref prev next nref lref last post