On Thu, Jun 26, 2008 at 07:35:40PM +0200, [EMAIL PROTECTED] wrote:
> I try to get a better understanding of hardening OpenBSD
> systems and have been digging man pages, several books (incl.
> "The design and implementation of the 4.4BSD operating system")
> and the archives (but not the sources due to my lack of real C
> knowledge).
>
> I could not find any answers regarding the following questions:
>
>
> 1) Why do flags not prevent the mount system call from using
> protected directories as mount points?
>
> I would guess that flags just "protect at inode level" while
> mount "happens at vnode level".
>
> I am just wondering why it is done this way because protection
> of important config or log files can be bypassed easily by
> mounting another file system on top of /etc or /var, for example.
If they can mount a file system they have root. Then you're already in
deep trouble, I'd worry more about that.
-0-
--
Endless Loop: n., see Loop, Endless.
Loop, Endless: n., see Endless Loop.
-- Random Shack Data Processing Dictionary
