# chattr
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Some material is very old and may be incorrect today

© December 2003 Tony Lawrence
2003/12/31

Linux ext2 and ext3 file systems support adding extra attributes to files. You do this with "chattr". The most common attribute is "immutable", which prevents a file from being changed or deleted, even by root (of course, root can simply use chattr to remove the immutable flag). This can add additional protection against buffer overflow and other privilege escalation attacks.
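Because root can clear the flag again with chattr, it is worth checking that files you marked immutable still carry it. The following is an added example, not code from the original article: it reads `lsattr` output and reports expected paths that lack the lowercase `i` attribute. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit that files expected to be immutable still have 'i' set.
# On a live system the flag is set with `chattr +i FILE`, shown by `lsattr FILE`,
# and cleared with `chattr -i FILE` (all three need root for system files).

# Constructed sample of `lsattr` output: "<attribute field> <path>" per line.
sample_listing() {
    cat <<'EOF'
----i---------e------- /etc/passwd
--------------e------- /etc/shadow
-----------I--e------- /etc/ssl
EOF
}

# Usage: lsattr PATH... | missing_immutable PATH...
# Prints every expected path that is absent from the listing or whose
# attribute field has no lowercase 'i'. Returns 1 if anything was printed.
missing_immutable() {
    listing=$(cat)
    rc=0
    for want in "$@"; do
        found=no
        # A here-document keeps the loop in this shell, so 'found' survives it.
        while read -r flags path; do
            [ "$path" = "$want" ] || continue
            case $flags in
                *i*) found=yes ;;  # case-sensitive: 'I' (indexed directory) is not 'i'
            esac
        done <<EOF
$listing
EOF
        if [ "$found" = no ]; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone run against the constructed sample; prints /etc/shadow.
sample_listing | missing_immutable /etc/passwd /etc/shadow ||
    echo "immutable flag missing on the path(s) above" >&2
```

A path that was immutable yesterday and shows up here today means someone with root ran `chattr -i`, which is worth investigating.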

The man page for chattr talks of other attributes that are supposed to be implemented someday, but it has been saying that for quite a while now. Unfortunately, it gets more confusing. While "man chattr" still says that the "-s" (secure deletion) flag isn't supported, the "Design and Implementation of the Second Extended Filesystem" page says that it is:

> An attribute allows the users to request secure deletion on files. When such a file is deleted, random data is written in the disk blocks previously allocated to the file. This prevents malicious people from gaining access to the previous content of the file by using a disk editor.

But in fact it doesn't, at least not on my systems. Apparently it was deliberately removed (from http://www.securityfocus.com/infocus/1407):

> Although earlier kernels honored the 'secure deletion' flag, during the development of the 1.3 series the developers dropped the implementation of this property since it seemed to provide at best only a trivial amount of additional security and at worst a false sense of real security to users unfamiliar with the inherent problems of any 'secure deletion' scheme.

The man page also says that the -c (compression) attribute doesn't work. You can, however, add that with the e2compr patch. Note this 1998 mention of adding it to the kernel.