[1079] in linux-security and linux-alert archive
Re: System log practicalities (was Re: [linux-security] qmail,wu.ftpd,deslogind, in.telnetsnoopd ?)
daemon@ATHENA.MIT.EDU (Stefan `Sec` Zehl)
Mon Aug 26 07:29:58 1996
From: Stefan `Sec` Zehl <zehl@informatik.tu-muenchen.de>
To: Andries.Brouwer@cwi.nl
Date: Sun, 25 Aug 1996 23:45:20 +0200 (MESZ)
Cc: JLarmour@origin-at.co.uk, brian@saturn.net, fparato@gti.net,
linux-security@tarsier.cv.nrao.edu, louis@sacc.org.za,
proberts@clark.net
In-Reply-To: <9608221510.AA04347=aeb-RESENT@zeus-184.cwi.nl> from "Andries.Brouwer@cwi.nl" at Aug 22, 96 05:10:55 pm
Andries.Brouwer@cwi.nl wrote:
>
> [REW: Just some source browsing found:
> /*
> * The IMMUTABLE and APPEND_ONLY flags can only be changed by
> * the super user when the security level is zero.
> */
> so it should in principle be secure.]
>
> Optimist.
> Root can do anything she wants, also change kernel memory.
>
Don't know what it is with linux, but in securelevel>0 /dev/kmem
would not be writable not even by root ...
[REW: Agreed. However, some more source browsing revealed that e2fs
is the only read-access to the securelevel variable. In short securelevel
support is being started, but ABSOLUTELY NOT FINISHED!]
CU,
Sec
--
Email: sec@leo.org WWW: http://www.blafasel.de/~sec/
Phone: 089/3618013 or 0177/2340515 IRC: Sec @ #blafasel
FreeBSD RoX!