On 6/26/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>  1) Why do flags not prevent the mount system call from using
>  protected directories as mount points?
>
>  I would guess that flags just "protect at inode level" while
>  mount "happens at vnode level".

Exactly.

>  I am just wondering why it is done this way because protection
>  of important config or log files can be bypassed easily by
>  mounting another file system on top of /etc or /var, for example.

Define protection.  It is not possible to modify these files.  They
are protected.  If you think you should be able to read the correct
contents of these files, remember that the system has been
compromised.  The attacker can make you see anything they want by
directly manipulating your process's memory, regardless of what
filesystems are mounted or not.

The goal of securelevel was that once set, you could take a
compromised machine off the network, reboot it, and it would no longer
be compromised.  It would still be vulnerable, but there would be no
permanent changes to prevent a post-mortem.

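The thread's point is that file flags protect the inode while a mount covers the directory at the vnode level, so flagged files under a covered directory are unmodified but are no longer what readers see. As an added example that is not part of the original message, this shell function compares `mount` output against an fstab baseline and reports mounts that cover protected directories. The `PROTECTED` list, the sample data and the BSD-style `mount` output format are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). Reports filesystems that
# cover protected directories: the flagged files underneath are intact,
# but processes now read whatever the covering filesystem contains.
PROTECTED="/etc /var"   # assumption: directories holding flag-protected files

# shadow_mounts FSTAB MOUNT_OUTPUT  (mount lines: "<dev> on <mp> type <fs> (...)")
#   UNEXPECTED <mp> <dev>  mount at/below a protected dir that fstab does not list
#   STACKED    <mp> <dev>  a further mount on a mount point already in use
shadow_mounts() {
    awk -v prot="$PROTECTED" '
        BEGIN { n = split(prot, p, " ") }
        # First file (fstab): remember every expected mount point.
        FNR == NR {
            if ($0 !~ /^[ \t]*#/ && NF >= 2) expected[$2] = 1
            next
        }
        # Second file (mount output): check each mounted filesystem.
        $2 == "on" {
            dev = $1; mp = $3
            if (seen[mp]++) { print "STACKED", mp, dev; next }
            for (i = 1; i <= n; i++)
                if ((mp == p[i] || index(mp, p[i] "/") == 1) && !(mp in expected))
                    { print "UNEXPECTED", mp, dev; break }
        }
    ' "$1" "$2"
}

# Constructed sample data: /var is an expected separate filesystem; the
# mfs on /etc and the second mount on /var are the entries to report.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/fstab" <<'EOF'
/dev/sd0a / ffs rw 1 1
/dev/sd0d /var ffs rw,nodev,nosuid 1 2
EOF
    cat > "$dir/mount.out" <<'EOF'
/dev/sd0a on / type ffs (local)
/dev/sd0d on /var type ffs (local, nodev, nosuid)
mfs:4242 on /etc type mfs (asynchronous, local)
/dev/vnd0a on /var type ffs (local)
EOF
    shadow_mounts "$dir/fstab" "$dir/mount.out"
    rm -rf "$dir"
}
demo
```

As the reply notes, output gathered on a compromised running system can itself be falsified, so a check like this is most meaningful against a baseline and data collected from a trusted boot.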