On Sunday, January 29, 2006, at 06:24 pm, Ben Dougall wrote:
> in a security book i've just read it talks about audit / log files:
>
>     So root can do what it likes – access any file, become any user, or
>     whatever. ... This means that (with most flavours of Unix) the
>     system administrator can do anything, so we have difficulty
>     implementing an audit trail as a file that he cannot modify. ...
>     The Berkeley distributions, including FreeBSD, go some way toward
>     fixing the problem. Files can be set to be append-only, immutable
>     or undeletable for user, system or both. When set by a user at a
>     sufficient security level during the boot process, they cannot be
>     overridden or removed later, even by root.
>
> so is the following correct?: these extra permissions (append only
> etc., even if you're root) don't remain set continually like normal
> permissions do? they only last for the extent of the current
> system-up-time that they're set in. so for these extra permissions to
> remain continually they would need setting each time the computer
> starts up, otherwise the file won't have those extra
> permissions/protections after a restart?
>
> also os x is based on freebsd right, so os x provides the ability
> to use these types of permissions? all versions of os x?
>
> thanks, ben.

does anyone know if this is possible? -- that is to create files
that are only appendable (undeletable, immutable) even if root. and
if so, is my above assumption that that level of protection only
lasts for the current system up time (guess/assumption based on the
bit of text quoted from the book* "When set by a user at a
sufficient security level during the boot process, they cannot be
overridden or removed later, even by root." from the book and the
question of there must be a way to delete the file somehow. if that
level of protection does last indefinitely, just like other
permissions last, how is a file protected like that deleted?).
thanks, ben.
* security engineering by ross anderson
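
Added example, not part of the original post or the quoted book: a simplified Python model of how BSD file flags and the kernel securelevel interact, following the rules documented for FreeBSD (it makes no claim about any particular OS X version). The `Kernel` class, `allowed`, `demo`, the `SF_MASK` value and the sample path are assumptions made for illustration.

```python
import stat

# Flag values come from Python's stat module (BSD st_flags bits).
SF_LOCKED = stat.SF_IMMUTABLE | stat.SF_APPEND | stat.SF_NOUNLINK
SF_MASK = 0xFFFF0000  # assumed: high half of st_flags is superuser-only

class Kernel:
    """Toy model (hypothetical class): flags live in `disk`, securelevel in RAM."""

    def __init__(self, disk, securelevel):
        self.disk = disk                # path -> st_flags, survives reboot
        self.securelevel = securelevel  # reset on every boot

    def raise_securelevel(self, level):
        if level < self.securelevel:    # a running system can only raise it
            raise PermissionError("securelevel cannot be lowered")
        self.securelevel = level

    def chflags(self, path, flags, is_root):
        old = self.disk[path]
        if is_root:
            # Root is refused once a system flag is set and securelevel > 0.
            if old & SF_LOCKED and self.securelevel > 0:
                raise PermissionError("system flag locked by securelevel")
        elif old & SF_LOCKED or (old ^ flags) & SF_MASK:
            # Owner may toggle only user flags (UF_*), never system flags.
            raise PermissionError("system flags need the superuser")
        self.disk[path] = flags

def allowed(kernel, path, flags, is_root=True):
    try:
        kernel.chflags(path, flags, is_root)
        return True
    except PermissionError:
        return False

def demo():
    disk = {"/var/log/audit": 0}              # constructed sample file
    boot1 = Kernel(disk, securelevel=-1)
    boot1.chflags("/var/log/audit", stat.SF_APPEND, is_root=True)
    boot1.raise_securelevel(1)                # end of boot sequence
    locked = not allowed(boot1, "/var/log/audit", 0)
    boot2 = Kernel(disk, securelevel=1)       # normal reboot
    persisted = bool(disk["/var/log/audit"] & stat.SF_APPEND)
    still_locked = not allowed(boot2, "/var/log/audit", 0)
    boot3 = Kernel(disk, securelevel=-1)      # boot that leaves the level low
    cleared = allowed(boot3, "/var/log/audit", 0)
    return locked, persisted, still_locked, cleared
```

In this model the flag is stored with the file and survives a restart, while the securelevel that stops root from clearing it is re-established on each boot, so control of the boot process and console is what the protection ultimately rests on.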