On Mon, Sep 25, 2017 at 07:10:10PM +0300, Reco wrote:
> A common misconception. Here's how a determined userspace can beat
> immutable bit:
>
> # mkdir testetc
> # touch testetc/resolv.conf
> # chattr +i testetc/resolv.conf
> # mv testetc/ testetc.orig
> # mkdir testetc
> # touch testetc/resolv.conf
> # echo evil dns > testetc/resolv.conf

You'd have to replace all the other files in /etc as well, or the system wouldn't work very well. But that's not the point. The point isn't to harden the system against an attacker bent on subverting your name lookups. It's to protect your locally modified configuration file from being overwritten by well-meaning but stupid software programs. (And yes, there are other ways to achieve that, but I've already posted the <https://www.cyberciti.biz/faq/dhclient-etcresolvconf-hooks/> URL in this thread. Oops, I did it again.)
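An added example, not from either message in this thread: since `chattr +i` pins an inode rather than a path, a defender who wants to know whether /etc/resolv.conf (or any locally managed file) is still the file they edited can baseline the inode and content of the path and re-check it later. A changed inode is what both the directory swap quoted above and a delete-and-recreate by a DHCP client produce; a changed checksum on the same inode is an in-place overwrite. Assumes GNU coreutils (`stat -c`, `sha256sum`); the file names in the usage lines are placeholders.

```shell
#!/bin/sh
# Added example: baseline and re-check a locally managed config file.
# Assumes GNU coreutils (stat -c %i, sha256sum).

# config_baseline FILE BASELINE: record the inode and SHA-256 of FILE
# as the path currently resolves. Run this right after editing FILE.
config_baseline() {
    file=$1; out=$2
    ino=$(stat -c %i "$file") || return 1
    sum=$(sha256sum "$file" | cut -d' ' -f1) || return 1
    printf '%s %s\n' "$ino" "$sum" > "$out"
}

# config_check FILE BASELINE: return
#   0 if the path still resolves to the same inode with the same content
#   1 if the path now resolves to a different inode (file recreated, or
#     the parent directory was swapped out as in the quoted session;
#     the immutable bit does nothing against this case)
#   2 if the inode is unchanged but the content was rewritten in place
#   3 if the file or the baseline cannot be read
config_check() {
    file=$1; base=$2
    read -r old_ino old_sum < "$base" || return 3
    new_ino=$(stat -c %i "$file") || return 3
    new_sum=$(sha256sum "$file" | cut -d' ' -f1) || return 3
    [ "$new_ino" = "$old_ino" ] || return 1
    [ "$new_sum" = "$old_sum" ] || return 2
    return 0
}

# Typical use (paths are placeholders):
#   config_baseline /etc/resolv.conf /var/lib/local/resolv.conf.baseline
#   ... later, from cron or a DHCP hook ...
#   config_check /etc/resolv.conf /var/lib/local/resolv.conf.baseline \
#       || logger -p daemon.warning "resolv.conf differs from baseline: $?"
```

The inode comparison is the part a plain checksum misses: a replacement file with identical content still reports 1, which is exactly the case where the `+i` flag on the old inode no longer protects the path.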