Tricky problem and +i file

Peter Kundrat kundrat at napri.sk
Thursday November 28 23:40:14 CET 1996


Jakub Jelinek writes:

> At least the last time I looked into ext2fs, it allowed root to change
> chattr at any time.

From linux-2.0.18/fs/ext2/ioctl.c:ext_ioctl(..., EXT2_IOC_SETFLAGS, ..)
                /*
                 * The IMMUTABLE and APPEND_ONLY flags can only be changed by
                 * the super user when the security level is zero.
                 */
                if ((flags & (EXT2_APPEND_FL | EXT2_IMMUTABLE_FL)) ^
                    (inode->u.ext2_i.i_flags &
                     (EXT2_APPEND_FL | EXT2_IMMUTABLE_FL))) {
                        /* This test looks nicer. Thanks to Pauline Middelink */
                        if (!fsuser() || securelevel > 0)
                                return -EPERM;

> Well, and since there is no locking of raw devices, it is
> all useless anyway... See e.g. FIBMAP or e2fstools,
> one finds out very easily where the thing in question lies, and then he just scribbles over it there...
> It would need other things too, e.g. a securelevel-dependent ptrace syscall (so that
> nobody could attach gdb to a process for which that is not wanted, etc.)

Hopefully somebody will find the time for it ..

						pk
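
The test quoted above, modelled in user space as an added example (not kernel code and not part of the original message): it shows for which callers and securelevel values a change to the +i/+a bits is refused. The name `setflags_check`, its parameters and the sample cases are assumptions made for illustration; `is_superuser` stands in for `fsuser()`.

```c
#include <errno.h>
#include <stdio.h>

/* Flag values as defined for ext2 (the bits chattr/lsattr operate on). */
#define EXT2_IMMUTABLE_FL 0x00000010UL /* chattr +i */
#define EXT2_APPEND_FL    0x00000020UL /* chattr +a */
#define EXT2_NODUMP_FL    0x00000040UL /* chattr +d, not covered by the test */

/*
 * Hypothetical user-space model of the quoted test only: returns 0 when
 * the flag change would pass it, -EPERM when it would be refused.
 * Other checks made by the ioctl are not modelled.
 */
static int setflags_check(unsigned long old_flags, unsigned long new_flags,
                          int is_superuser, int securelevel)
{
    const unsigned long prot = EXT2_APPEND_FL | EXT2_IMMUTABLE_FL;

    /* The XOR is non-zero only if +i or +a differs between old and new. */
    if ((new_flags & prot) ^ (old_flags & prot)) {
        if (!is_superuser || securelevel > 0)
            return -EPERM;
    }
    return 0;
}

int main(void)
{
    /* Constructed cases: old flags, new flags, superuser?, securelevel. */
    struct { const char *what; unsigned long o, n; int su, lvl; } c[] = {
        { "root clears +i, securelevel 0", EXT2_IMMUTABLE_FL, 0, 1, 0 },
        { "root clears +i, securelevel 1", EXT2_IMMUTABLE_FL, 0, 1, 1 },
        { "root sets +a,   securelevel 1", 0, EXT2_APPEND_FL, 1, 1 },
        { "user sets +i,   securelevel 0", 0, EXT2_IMMUTABLE_FL, 0, 0 },
        { "user sets +d on a +i file",     EXT2_IMMUTABLE_FL,
          EXT2_IMMUTABLE_FL | EXT2_NODUMP_FL, 0, 1 },
    };

    for (size_t i = 0; i < sizeof c / sizeof c[0]; i++)
        printf("%-32s -> %s\n", c[i].what,
               setflags_check(c[i].o, c[i].n, c[i].su, c[i].lvl)
                   ? "EPERM" : "passes");
    return 0;
}
```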

