LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Linux has file-flags too

Linux has file-flags too

Posted May 6, 2004 17:17 UTC (Thu) by jstrand1@rochester.rr.com (guest, #6394)
In reply to: Linux has file-flags too by gte223j
Parent article: OpenBSD 3.5: a peek at another free Unix

"all you have to do is go to run level 1 (single user console mode) to change the imuutable flags and file(s), in linux you just have to be root to run chattr."

This (IMO) downplays the added security. Openbsd requires physical access to use the machine in console mode-- in linux, root remote access is enough.

(Log in to post comments)

Linux has file-flags too

Posted May 6, 2004 19:32 UTC (Thu) by flewellyn (subscriber, #5047) [Link]

"Openbsd requires physical access to use the machine in console mode-- in linux, root remote access is enough."

This is true, except that with at least some versions of login, you can use the file /etc/securetty to specify which terminals root is allowed to log in from. And you can restrict ssh so that it does not allow root access from anywhere. This can help reduce the vectors for getting a root login. It won't help with privilege escalation bugs, but there are at least some measures in place.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds