[ale] Filesystem security under Linux (Was: Re: OT was software modems)
Michael B. Trausch
fd0man at gmail.com
Fri Dec 8 09:34:16 EST 2006
On Tue, 2006-12-05 at 10:24 -0500, Scott Castaline wrote:
[snip]
> until the completion of the call(hang-up). This also prevented at least
> the operators from "doctoring" the DV file creation process. The files
> also were owned by root with no access by the telemarketing staff.
> Situations where the staff had root access the files were owned by some
> other "special user" that they could not access, so again no "Doctoring"
> of the files after the fact. If memory serves me correctly this was
Files like this sound like good candidates for higher-than-root security
mechanisms. For example, in FreeBSD you can have the files be "schg"
which prevents them from being altered -- even by the root user.
Assuming that BSD securelevels are used, even the root user cannot
change the schg (e.g., remove the flag, or alter the file) without
bringing the system completely down, rebooting it, and interfering with
the boot processes such that the system doesn't make it to a more secure
level so that they can remove the schg flag.
Linux has the chattr thing, but IIRC, there isn't anything like BSD
securelevels which would help to block even root. Does anyone know if
any progress has actually been made under Linux like the BSD
securelevels? Would this be something that perhaps SELinux or something
would do? I can't seem to find anything related to BSD securelevels for
Linux.
-- Mike
--
Michael B. Trausch
fd0man at gmail.com
Phone: (404) 592-5746
Jabber IM:
fd0man at gmail.com
fd0man at livejournal.com
Demand Freedom! Use open and free protocols, standards, and software!
-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Ale
mailing list