On Tue, 13 May 2003 21:53, Bernd Eckenfels wrote:
> On Tue, May 13, 2003 at 04:59:24PM +0800, Dan Jacobson wrote:
> > But how can I protect _myself_ from _myself_?
>
> Protection from yourself, especially if you are root are extended Unix
> features (like for example immutable and append only files, RBAC or
> SELinux).
>
> And it is still not a core-utils bug but a property of the Linux kernel.

Bernd is correct. It's a kernel issue.

SE Linux allows you to determine who has setattr permission for each file. Writing to a file or appending to it will still change the time stamps in the usual fashion, but write and append access can be controlled independently of read access too.

SE Linux allows control over what your processes do. Running a particular program can automatically transition to a different domain with different levels of access to various resources.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
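
The controls described in the message above, sketched as an SELinux policy module fragment. This is an added example, not part of the original post or of the author's packages. The types `notes_tool_t`, `notes_tool_exec_t` and `notes_file_t` are constructed names, and it assumes the loaded policy provides `user_t` and `user_r` and grants no wider access to these types elsewhere.

```selinux
module selfguard 1.0;

require {
    type user_t;    # assumed: the ordinary login domain in the loaded policy
    role user_r;    # assumed: the role that login domain runs under
    class file { read write append getattr setattr open execute entrypoint map };
    class process transition;
}

# Constructed types for this example.
type notes_tool_t;        # domain the helper program runs in
type notes_tool_exec_t;   # label on the helper's executable
type notes_file_t;        # label on the files being protected

# The helper domain may be entered from the user's role.
role user_r types notes_tool_t;

# Domain transition: executing a file labelled notes_tool_exec_t from
# user_t starts the new process in notes_tool_t automatically.
type_transition user_t notes_tool_exec_t:process notes_tool_t;
allow user_t notes_tool_exec_t:file { getattr open read execute map };
allow user_t notes_tool_t:process transition;
allow notes_tool_t notes_tool_exec_t:file { entrypoint getattr open read execute map };

# The user's own domain can read the protected files. write, append and
# setattr are absent from the set, so they are denied: SELinux refuses
# anything that no rule allows.
allow user_t notes_file_t:file { getattr open read };

# The helper domain can append only. It cannot read the files back,
# overwrite existing data (write) or change timestamps, mode or owner
# (setattr). Appending still updates the timestamps in the usual way.
allow notes_tool_t notes_file_t:file { getattr open append };

# A working domain also needs rules for shared libraries, the terminal
# and the filesystem the files live on; they are left out here to keep
# the read / append / setattr split visible.
```

Because access is granted per domain and not per user ID, these rules apply in the same way when the process runs as root.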