codewarrior@daemon.org (Andrew Brown) writes:

> 
> > From: Charles M. Hannum
> >
> >
> >>y0001006@ws.rz.tu-bs.de (Thomas Boroske) writes:
> >> ...
> >> BTW: Is chflags schg MEANT to be irreversible in normal (root) mode ?
> >
> >Yes, that's the whole point.  To prevent ordinary users from changing
> >the file, you would use the traditional Un*x-style permissions.
> 
> actually, i thought it was more a preventative measure against important
> files not getting corrupted by hackers and the like.  for example, you
> would make all your log files append only, make you kernel immutable,
> etc.  if a file's unchangable (or immutable) unless you remove the flag
> and you can only do that in securelevel 0 (or lower :), then it's less
> likely that anyone could do anything nasty to that file.

So, what prevents the so-called `hacker' from simply turning off the
bit?  Answer: They can't because the machine has to be in single-user
mode to do that, and (hopefully!) that means they'd have to be at the
console to do it.

> of course, if they get root (which is how they discover that they can't
> change it anyway) they can still make changes to rc (which runs when
> securelevel is 0) to effect the changes they want and then cause the
> machine to reboot.

No; if you're using this security feature, then you make /etc/rc
immutable, and they can't change it, either.