On Thu, 17 Mar 2005 12:55:18 +0530, Devdas Bhagat <[EMAIL PROTECTED]> wrote: > On 17/03/05 12:23 +0530, Ravi Kumar wrote: > > Hello > > I would like to know how to reinstall a package containing the > > utility 'chattr' when the 'chattr' file has been over written and > > also the immutable bit of the file is set. > > How did that happen? > > Devdas Bhagat >
I am asking a question posed to me by a friend of mine. He is an RHCE :) . He gave me the following scenario. A person hacked as root into a machine running linux. He first copied the chattr utility to another location. Then he overwrote the original file (chattr) by doing : # cp /bin/date /usr/bin/chattr Then he made some changes to the /etc/shadow and /etc/passwd files. Now using the previously copied chattr file, he made the following files immutable: passwd, shadow, passwd-, shadow- and lastly the overwriten chattr file in the original location. lastly before he logged out, he deleted the copied chattr file. Now if you try to unset the immutable bit, it can't be done because chattr is corrupted. Also you cannot reinstall it because the corrupt chattr file had been set as immutable. So what is the way around it? I know how to do it if it is running redhat. rpm has a option to install the package in another location. But if it is any other distro like debian or slackware, how to come out of the situation. That is my question. ravi -- ---------------------- I hear and I forget, I see and I remember, I DO and I understand. -Confucius- ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ linux-india-help mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/linux-india-help
