On Sunday, January 29, 2006, at 06:24 pm, Ben Dougall wrote:
In a security book I've just read, it talks about audit / log files:
So root can do what it likes – access any file, become any user, or
whatever. ... This means that (with most flavours of Unix) the system
administrator can do anything, so we have difficulty implementing an
audit trail as a file that he cannot modify. ... The Berkeley
distributions, including FreeBSD, go some way toward fixing the
problem. Files can be set to be append-only, immutable or undeletable
for user, system or both. When set by a user at a sufficient security
level during the boot process, they cannot be overridden or removed
later, even by root.
So is the following correct: these extra permissions (append only
etc., even if you're root) don't remain set continually like normal
permissions do? They only last for the extent of the current
system uptime that they're set in. So for these extra permissions to
remain continually they would need setting each time the computer
starts up, otherwise the file won't have those extra
permissions/protections after a restart?
Also, OS X is based on FreeBSD, right, so OS X provides the ability to
use these types of permissions? All versions of OS X?
Thanks, Ben.
Does anyone know if this is possible? -- that is, to create files that
are only appendable (undeletable, immutable) even if root. And if so,
is my above assumption that that level of protection only lasts for the
current system uptime (a guess/assumption based on the bit of text
quoted from the book* "When set by a user at a sufficient security
level during the boot process, they cannot be overridden or removed
later, even by root." and the question of there must be a
way to delete the file somehow. If that level of protection does last
indefinitely, just like other permissions last, how is a file protected
like that deleted?).
Thanks, Ben.
* Security Engineering by Ross Anderson
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
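An added example for the question above (not from the thread or from Anderson's book): on FreeBSD or Mac OS X, Python's os.chflags sets the same bits as chflags(1), the flags are read back from the inode via os.stat, which is why they persist across reboots, and root_can_clear encodes the rule that system (s*) flags can only be removed while kern.securelevel is 0 or lower. The log path is the caller's, setting system flags requires root, and reading kern.securelevel (sysctl -n kern.securelevel) is left to the operator; these are assumptions of the example.

```python
import errno
import os
import stat

# chflags(1) names for the st_flags bits, split by who may clear them: the u* flags
# can be cleared by the owner or root at any time, the s* (system) flags only by
# root while kern.securelevel (sysctl -n kern.securelevel) is 0 or lower.
USER_FLAGS = {"uappnd": stat.UF_APPEND, "uchg": stat.UF_IMMUTABLE, "uunlnk": stat.UF_NOUNLINK}
SYSTEM_FLAGS = {"sappnd": stat.SF_APPEND, "schg": stat.SF_IMMUTABLE, "sunlnk": stat.SF_NOUNLINK}


def decode_flags(st_flags):
    """Return the chflags(1) names of the protection bits set in an inode's st_flags."""
    return sorted(n for n, bit in {**USER_FLAGS, **SYSTEM_FLAGS}.items() if st_flags & bit)


def root_can_clear(flag_names, securelevel):
    """Could root strip every flag in flag_names at this kern.securelevel?

    The kernel refuses (EPERM) to clear system flags once securelevel is 1 or
    higher, and a running system can only raise securelevel, never lower it, so
    the file stays protected until a reboot that starts at a lower securelevel.
    """
    return all(n not in SYSTEM_FLAGS or securelevel <= 0 for n in flag_names)


def protect_audit_log(path):
    """Mark path system-append-only (run as root) and read the flags back.

    The flags come back from os.stat, i.e. from on-disk file metadata, which is
    why they survive a reboot. Returns None on platforms without BSD file flags.
    """
    if not hasattr(os, "chflags"):
        return None
    os.chflags(path, os.stat(path).st_flags | stat.SF_APPEND)
    return decode_flags(os.stat(path).st_flags)


def clear_protection(path):
    """Try to strip sappnd as root: 'cleared' at securelevel 0, 'refused' at 1+."""
    try:
        os.chflags(path, os.stat(path).st_flags & ~stat.SF_APPEND)
        return "cleared"
    except PermissionError as exc:
        return "refused" if exc.errno == errno.EPERM else f"error {exc.errno}"
```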