|Home » Learning Curve
Why - and how - the 'input manager cure' works.
The Unix 'extended attribute' flags can be used to lock files down in a myriad of ways.
|System Flags||User Flags|
| ||0001 no dump|
The flags are above and beyond ordinary file modes. They can be accessed both programmatically and from the command line.
The command line version accepts both a comma separated list of keywords and an octal value.
The user 'immutable' flag prevents the item from being overwritten, deleted, moved, or renamed, regardless of other permissions.
The system 'immutable' flag does likewise, but it can only be set by the superuser and only be reset in single user mode - something trojans aren't going to be able to do.
If applied to 'InputManagers' directories, the 'immutable' flags can effectively prevent tampering. If the system 'immutable' flag is set, then no action short of a reset in single user mode will remove it.
User flags may be set by the item's owner or the superuser; system flags are set only by the superuser. Full documentation can be found in the manpage.
% man -a chflags
chflags - change file flags
chflags [-R [-H | -L | -P]] flags file ...
chflags, fchflags - set file flags
chflags(const char *path, u_long flags);
fchflags(int fd, u_long flags);
The Chocolate Tunnel
Input Managers - The Cure
Peeking Inside the Chocolate Tunnel