The Immutables
Why - and how - the 'input manager cure' works.
The Unix 'extended attribute' flags can be used to lock files down in a myriad of ways.
| System Flags | User Flags |
| --- | --- |
| 10000 archived | 0001 no dump |
| 20000 immutable | 0002 immutable |
| 40000 append | 0004 append |
| | 0008 opaque |
The flags are above and beyond ordinary file modes. They can be accessed both programmatically and from the command line.
The command line version accepts either a comma-separated list of keywords or an octal value.
The user 'immutable' flag prevents the item from being overwritten, deleted, moved, or renamed, regardless of other permissions.
The system 'immutable' flag does likewise, but it can only be set by the superuser and only be reset in single user mode - something trojans aren't going to be able to do.
If applied to 'InputManagers' directories, the 'immutable' flags can effectively prevent tampering. If the system 'immutable' flag is set, then no action short of a reset in single user mode will remove it.
User flags may be set by the item's owner or the superuser; system flags are set only by the superuser. Full documentation can be found in the manpage.
% man -a chflags
NAME
chflags - change file flags
SYNOPSIS
chflags [-R [-H | -L | -P]] flags file ...
NAME
chflags, fchflags - set file flags
SYNOPSIS
#include <sys/stat.h>
#include <unistd.h>
int
chflags(const char *path, u_long flags);
int
fchflags(int fd, u_long flags);
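The programmatic route through fchflags(2), as an added example that is not code from the original article: it checks whether a directory such as an 'InputManagers' directory is already immutable and, if not, sets the user 'immutable' flag without disturbing the other flags. The names lock_level, classify, with_user_lock and lock_path are hypothetical, and the fallback constants are assumed to match the values in <sys/stat.h>.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flag values as in the table above (hexadecimal in <sys/stat.h>).
   Platforms without file flags get fallbacks so the logic still builds. */
#ifdef UF_IMMUTABLE
#define HAVE_FILE_FLAGS 1
#else
#define UF_IMMUTABLE 0x00000002UL
#define SF_IMMUTABLE 0x00020000UL
#endif

enum lock_level { LOCK_NONE, LOCK_USER, LOCK_SYSTEM };

/* The system flag outranks the user flag: the owner cannot clear it. */
enum lock_level classify(unsigned long flags) {
    if (flags & SF_IMMUTABLE) return LOCK_SYSTEM;
    if (flags & UF_IMMUTABLE) return LOCK_USER;
    return LOCK_NONE;
}

/* chflags() replaces the whole flags word, so OR the new bit into the
   existing value or flags such as 'no dump' would be silently dropped. */
unsigned long with_user_lock(unsigned long flags) { return flags | UF_IMMUTABLE; }

/* Ensure 'path' is at least user immutable, checking and changing through
   one descriptor. Returns the lock_level, or -1 on error or no flag support. */
int lock_path(const char *path) {
    int fd = open(path, O_RDONLY), level = -1;
    if (fd < 0) return -1;
#ifdef HAVE_FILE_FLAGS
    struct stat st;
    if (fstat(fd, &st) == 0 &&
        (classify(st.st_flags) != LOCK_NONE ||
         fchflags(fd, with_user_lock(st.st_flags)) == 0) &&
        fstat(fd, &st) == 0)
        level = (int)classify(st.st_flags);
#endif
    close(fd);
    return level;
}

int main(int argc, char **argv) {
    int level = argc > 1 ? lock_path(argv[1]) : -1;
    printf("lock level: %d\n", level);
    return level < 0;
}
```

A result of 1 means the owner can still clear the flag; 2 means the system 'immutable' flag is present and only a reset in single user mode removes it.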