On Thu, Jun 26, 2008 at 07:35:40PM +0200, [EMAIL PROTECTED] wrote:
> I try to get a better understanding of hardening OpenBSD
> systems and have been digging man pages, several books (incl.
> "The design and implementation of the 4.4BSD operating system")
> and the archives (but not the sources due to my lack of real C
> knowledge).
>
> I could not find any answers regarding the following questions:
>
> 1) Why do flags not prevent the mount system call from using
> protected directories as mount points?
>
> I would guess that flags just "protect at inode level" while
> mount "happens at vnode level".
>
> I am just wondering why it is done this way because protection
> of important config or log files can be bypassed easily by
> mounting another file system on top of /etc or /var, for example.

If they can mount a file system they have root. Then you're already in
deep trouble, I'd worry more about that.

-0-
--
Endless Loop: n., see Loop, Endless.
Loop, Endless: n., see Endless Loop.
-- Random Shack Data Processing Dictionary
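
The situation raised in the question, a file system mounted on top of a directory that holds flag-protected files, can be checked for from the defender's side by comparing mount(8) output with a known baseline. The script below is an added example and not part of the original thread; the function name `find_shadowing_mounts`, the baseline list, the protected directories and the sample mount lines are all constructed for illustration, and mount points are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: list mounts that hide a protected directory.
# Input on stdin: lines in mount(8) format,
#   "<device> on <mountpoint> type <fstype> (<options>)"
# $1 = expected mount points (baseline, e.g. taken from fstab)
# $2 = directories whose contents are protected with file flags
find_shadowing_mounts() {
    awk -v expected="$1" -v protected="$2" '
    # true when path a is b itself or an ancestor of b
    function covers(a, b) {
        if (a == "/") return 1
        return (a == b) || (index(b, a "/") == 1)
    }
    BEGIN {
        n = split(expected, e, " ")
        for (i = 1; i <= n; i++) allowed[e[i]] = 1
        np = split(protected, p, " ")
    }
    $2 == "on" {
        mp = $3
        seen[mp]++
        # first instance of a baseline mount point is fine
        if (allowed[mp] && seen[mp] == 1) next
        for (i = 1; i <= np; i++)
            if (covers(mp, p[i]) || covers(p[i], mp)) {
                # a repeated mount point means a second file system
                # was stacked on top of the first one
                printf "%s %s %s\n", mp, $1, (seen[mp] > 1 ? "stacked" : "unexpected")
                break
            }
    }'
}

# Constructed sample of mount(8) output (not taken from a real host).
SAMPLE_MOUNTS='/dev/sd0a on / type ffs (local)
/dev/sd0d on /var type ffs (local, nodev, nosuid)
/dev/sd0e on /home type ffs (local, nodev, nosuid)
/dev/sd1a on /etc type ffs (local)
/dev/sd1b on /var type ffs (local)
/dev/sd1c on /mnt type ffs (local)'

printf '%s\n' "$SAMPLE_MOUNTS" | find_shadowing_mounts "/ /var /home" "/etc /var/log"
```

On a live system the input would come from running `mount` with no arguments instead of the sample variable.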