| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.misc -> Re: Tough question for oracle DBAs/Solaris Admins. Log shipping.
jKILLSPAM.schipper_at_math.uu.nl wrote:
> In comp.unix.bsd.openbsd.misc Logan Shaw <lshaw-usenet_at_austin.rr.com> wrote:
>> Karen Hill wrote: >>> Stefaan A Eeckels wrote: >>>> On 1 Sep 2006 12:28:12 -0700 >>>> "Karen Hill" <karen_hill22_at_yahoo.com> wrote:
>>>> But root can unset the immutable flag.
>>> Not when they are at a networked run level according to the OpenBSD man >>> page on the subject. They would have to reboot, or bring it down to >>> single user mode to do that. >> Do you mean they'd have to reboot to do it at all, or do you mean that >> they'd have to reboot to do it in a supported manner? I strongly >> suspect it's the latter. After all, at some level, it's all bits and>> bytes (both on disk and in RAM), so if you can execute privileged >> instructions on the processor, you can do whatever you want, period.
> I am not currently aware of any way to change the runlevel from a
> running OpenBSD system - by design, root cannot execute kernel-level
> ('priviliged' in your message, I believe) code.
>
> One of the ways of doing this is denying access to kernel memory - see
> mem(4), securelevel(7) on a OpenBSD system.
Well, that's a very different kind of root than what I'm familiar with, but I suppose you could do it that way.
I guess this means that if you try to go this route, you have to worry about loadable kernel modules. Solaris, of course, has them and depends heavily on them. Perhaps one solution to this is to make the entire tree of kernel modules (including all the directories) immutable as well.
 |
 |