Date: Wed, 17 Sep 1997 18:48:58 -0400 (EDT)
From: Brian Mitchell
To: Robert Watson
cc: Sean Kelly, security@FreeBSD.ORG
Subject: Re: schg flag...
Sender: owner-freebsd-security@FreeBSD.ORG

On Wed, 17 Sep 1997, Robert Watson wrote:

> So my question is this --- how does the appendonly flag interact with
> move, newsyslog, etc. Ideally, logged material could be added to, but
> never deleted. However, is this handled by inode, by open file, etc? If
> I set the appendonly flag on /var/log/messages, it will most likely work
> in the correct securelevel. If I do a mv messages messages.0, does it
> move it (only change to the directory reference, not to the file)? How

no, mv doesn't work, neither does unlink:

    # cd /tmp
    # touch foo
    # chflags sappnd foo
    # mv foo bar
    mv: rename foo to bar: Operation not permitted
    # rm foo
    override rw-r--r-- root/bin sappnd for foo? y
    rm: foo: Operation not permitted

> does this work with hard links? If I create a hard link to a syschg'd
> file in /var/tmp, presumably it retains the same property. Can it no
> longer be removed by anyone, including superuser?

nor do hard links

    # ln foo bar
    ln: bar: Operation not permitted

>
> Newsyslog assumes the ability to rename files, create new files, etc.
> Presumably newsyslog used with the append-only flag would be a bad thing.

yes, it wouldn't work :)
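
The conflict discussed above between newsyslog and flagged log files can be checked for ahead of time. The following is an added example, not part of the original message and not FreeBSD code: it lists the logs named in newsyslog.conf-style text and reports those carrying a flag that blocks the rename. The function names and the sample data are assumptions; schg appears only in the thread subject, and that it blocks rename like sappnd is taken from chflags(2), not from the session shown.

```python
import os
import stat

# Flags under which the kernel refuses rename, unlink and link.
# sappnd is the flag shown in the message; schg is from the thread
# subject (its effect is per chflags(2), not shown in the message).
BLOCKING = {"sappnd": stat.SF_APPEND, "schg": stat.SF_IMMUTABLE}


def rotated_paths(conf_text):
    """Return the log paths (first field) from newsyslog.conf-style text."""
    paths = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#<":  # blank, comment, <include> line
            continue
        paths.append(line.split()[0])
    return paths


def file_flags(path):
    """BSD file flags of path, or 0 if the file or st_flags is missing."""
    try:
        return getattr(os.lstat(path), "st_flags", 0)
    except OSError:
        return 0


def rotation_conflicts(conf_text, get_flags=file_flags):
    """Map each log newsyslog would rename to the flags that block it."""
    conflicts = {}
    for path in rotated_paths(conf_text):
        flags = get_flags(path)
        names = sorted(n for n, bit in BLOCKING.items() if flags & bit)
        if names:
            conflicts[path] = names
    return conflicts


# Constructed sample input, not taken from a real system.
SAMPLE_CONF = """\
# logfilename          mode count size when
/var/log/messages       644  5     100  *
/var/log/maillog        640  7     *    @T00
"""
SAMPLE_FLAGS = {"/var/log/messages": stat.SF_APPEND}

if __name__ == "__main__":
    found = rotation_conflicts(SAMPLE_CONF, lambda p: SAMPLE_FLAGS.get(p, 0))
    for path, names in found.items():
        print(f"{path}: {','.join(names)} set, newsyslog rename will fail")
```

On a FreeBSD host, calling rotation_conflicts() with the contents of the real newsyslog.conf and the default get_flags reads the live flags through os.lstat().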