Backdoors in Webmin

Posted Aug 22, 2019 18:16 UTC (Thu) by epa (subscriber, #39769)
In reply to: Backdoors in Webmin by songmaster
Parent article: Backdoors in Webmin

Could filesystems support some kind of 'secure mode' where it's impossible to set the timestamp on a file except by setting it to the current time? And only root can change the time on the system. So that would make it more difficult to tamper with files if you're not root. And in my experience, needing to set the timestamp is a rare operation (it would be no hardship if unpacking a zipfile made all the files with the current time).

Backdoors in Webmin

Posted Aug 22, 2019 20:40 UTC (Thu) by Karellen (subscriber, #67644) [Link]

It would break POSIX guarantees in a number of ways, which are probably relied upon by a number of programs, in ways that maybe even the program authors might not realise on first glance.

Look back at the discussions that happened around the introduction of noatime/relatime regarding the use of the "atime" timestamp, which I would guess is used a couple of orders of magnitude less frequently than "mtime", and which ended up causing a non-trivial amount of pain for mutt users.

Backdoors in Webmin

Posted Aug 22, 2019 20:51 UTC (Thu) by nybble41 (subscriber, #55106) [Link]

Checking ctime and mtime together is already a fairly reliable way to detect modification. Users can set mtime and atime but that causes ctime to be set to the current system time.

Backdoors in Webmin

Posted Aug 26, 2019 19:22 UTC (Mon) by k8to (guest, #15413) [Link]

I'm not sure that it's meaningful to prevent tampering with timestamps in environments where you want to permit tampering with files.

If you have those slices of security concerns, I would think an audit log that's streamed off the system would be a better choice.