Re: Why most run Microsoft, not RedHat



Zoltan Boszormenyi wrote:
Stuart Sears wrote:
Which, although you may have been lucky, is not usually the most
sensible approach. (no offence intended)
A few points to consider...
1. what if the rootkit is installed using rpm?


It wasn't, it was installed from source. The intruder
left the source tree in place. He was a bit tricky to
use chattr +i on /bin/login and some other progs.
BTW, although rpm complained that it cannot replace
those, why isn't it prepared for such scenarios?
RPM is made for Linux, it should certainly know
about special filesystem flags and handle them.

How should rpm handle it? Rpm has no way of knowing why the
immutable flag was set. I believe the proper way is to report the
problem, and let the user decide what to do about it. You could add
a flag to rpm to let it override the immutable flag, but I think
that would be a bad idea.

The way I look at it, if the immutable flag is set, then either you
didn't want the file to be changed without you giving specific
permission by un-setting the flag, or you have other problems you
should be made aware of.

Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
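
As an added illustration (not part of the original message or of any poster's reply): a shell function that reads `lsattr` output and reports files carrying the immutable or append-only attribute, the condition that made rpm refuse to replace /bin/login in the case discussed above. The function names and the sample input are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: report files whose lsattr flags include immutable (i) or
# append-only (a). Function names and sample data are constructed.

# Reads lsattr output on stdin, prints "<attribute>\t<path>" per flagged file.
find_flagged() {
    awk '
        # Real entries start with a flags field of letters and dashes;
        # this skips lsattr error lines and "dir:" headers from -R.
        NF >= 2 && $1 ~ /^[-A-Za-z]+$/ {
            attrs = $1
            path = $0
            sub(/^[^ \t]+[ \t]+/, "", path)   # keep paths containing spaces
            hit = ""
            if (index(attrs, "i")) hit = "immutable"
            if (index(attrs, "a")) hit = hit (hit != "" ? "," : "") "append-only"
            if (hit != "") printf "%s\t%s\n", hit, path
        }'
}

# Constructed sample in lsattr format, so the example runs offline.
sample_lsattr() {
    cat <<'EOF'
----i---------e------- /bin/login
--------------e------- /bin/ls
-----a--------e------- /var/log/secure
lsattr: Operation not supported While reading flags on /bin/somelink
--------------e------- /bin/my tool
EOF
}

# Demo on the sample. On a live system (as root) use instead:
#   lsattr /bin /sbin /usr/bin /usr/sbin 2>/dev/null | find_flagged
sample_lsattr | find_flagged
```

On an rpm-based system, `rpm -qf <path>` shows which package owns a reported file, which helps decide whether the flag was set deliberately or is one of the "other problems you should be made aware of".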


