So, what stops the attacker who has gained root from, for example, unmounting the filesystem, changing the flag in the filesystem by accessing the hd-partition directly, and then remounting the filesystem? Doesn't even need to be hard, sounds rather simple to write a script that does this automatically.
Doesn't having to reboot for every trivial security-patch (as would probably be needed if you make /bin or any other big part of the tree immutable) get kinda annoying, especially where people depend on the services the box provides?
Copyright © 2017, Eklektix, Inc.