When root meets immutable: OpenBSD chflags vs. log tampering (rsadowski.de)
134 points | todsacerdoti | 3 comments | 18 Jul 25 08:36 UTC
1. eternauta3k [18 Jul 25 09:46 UTC] No. 44602844 >>44602532 (OP)
Is root prevented from directly writing to the underlying block device?
replies(1): >>44602848
2. kstrauser [18 Jul 25 09:46 UTC] No. 44602848 >>44602844 (TP)
Yes.
replies(1): >>44603011
3. messe [18 Jul 25 10:11 UTC] No. 44603011 >>44602848
Only if securelevel is 2. If securelevel = 1, then only mounted filesystems are RO. An attacker could conceivably forcibly unmount /var/log as root, and make the changes directly to the block device.