This is a very straight forward answer. (too much work to do heh) you can make a
module that loads up during boot sequence that can remove immutable flags etc.. and
it will make chattr useless... (extract the symbol addresses for the FS)
yes my fs is almost 100% immutable and cant be defeated using chattr and other
apps to remove the immutable fs. etc...
what type of server? im using linux and it was customized and built to secure
the whole OS. from kernel level upto fs. soon it will be revealed.... :)
"\x6e\x2f\x73\x68\x01"
----- Original Message -----
From: Federico Sevilla III <[EMAIL PROTECTED]>
Date: Tue, 3 Dec 2002 10:37:51 +0800
To: [EMAIL PROTECTED]
Subject: Re: [plug] can't delete a file
> On Mon, Dec 02, 2002 at 09:23:01PM -0500, vuln- dev wrote:
> > my server is almost 100% immutable :) easiest way of protecting the
> > boot sequence up to load. and one way to remove that is remove the
> > immutable flag simple and clean
>
> I am curious: how can making your files immutable "protect the boot
> sequence up to load"[1]? While I can see that the immutable flag helps
> against deletion accidents by the root user, you yourself have mentioned
> that an attacker can choose to simply remove the immutable flag using
> chattr and purge the files straight away.
>
> [1] While we're at it, what do you mean by "protecting the boot sequence
> up to load"? And which files of your "almost 100% immutable" server
> aren't immutable? And what kind of server is this exactly?
>
> --> Jijo
>
>
> PS- please do NOT quote the entire message when replying. I had to
> remove 100 lines of quoted text from your message. Please remember that
> our list server has to broadcast each message to every other subscriber,
> and those extra lines of waste do matter.
>
> --
> Federico Sevilla III : http://jijo.free.net.ph : When we speak of free
> Network Administrator : The Leather Collection, Inc. : software we refer to
> GnuPG Key ID : 0x93B746BE : freedom, not price.
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
>
--
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup
One click access to the Top Search Engines
http://www.exactsearchbar.com/mailcom
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
