Mythic Monday – Medusa and Immutability

March 23rd, 2009, by Josh

Most people these days know at least part of the tale of Medusa. You know that she had snakes for hair and that everything she looked at turned to stone. Well, unless you're big into gender theory, you can ignore the rest (at least for the purposes of this post), because today we're going to talk about stone.

Throughout myth, stone is often viewed as unchangeable.  Even in this modern day, we have phrases like "etched in stone" and stories of the weeping angels.  Despite the obvious fact that it's not true, we tend to think of stone as permanent.  After all, making it otherwise requires special tools and/or special skill.  In everyday experience, something that is made of stone is going to stay that way forever.

If only there were a way to apply the same concept to business security.

Granted, in many cases, you wouldn't want this.  Security should be reactive and responsive. As stable as stone may be, very few people would call it highly responsive.  (Amusingly, as I write this, reports of the eruptions of Redoubt and Tonga are just coming in.)  However, it would be nice if you could effectively lock certain changes into stone, rendering them immutable.

Well, you can.  Most systems have access rights that can be tuned.  If you configure them correctly, only the right people will be able to write to those files.  In effect, it's like the computer has a special Medusa inside it that can turn files into stone for most people.  This is a basic aspect of system hardening.  If an attacker cannot write to a file, they can't make changes, and you're better off.

Ah, but what if you're one of those Greek heroes for whom the computer's Medusa doesn't work?  Shouldn't you have the ability to ask Medusa to lock your files so that even you can't change them?

Well, once again, you can do this.  Most Linux systems have what are called extended file attributes (set with chattr) that, strangely enough, are generally only used by attackers.  In addition to the basic read/write/execute (in this case, "execute" means "run", not "stalk with mirrored shield, cut off head and cause the birthing of Pegasus"), you get special magic powers such as:

  • Make immutable
  • Make undeletable
  • Make appendable-only

Thus, you can create a configuration that is readable and works just fine, but is completely unchangeable unless you are the admin of the server and you know about the extra level of protection.  Now, it's not a panacea by any means, but one more layer of protection keeps out one more class of attacks... and that's a win.
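Here is an added example of the two sides of this trick, not code from the original post: a pair of helpers that set the immutable and append-only attributes with chattr, and an audit function that reads lsattr-style output and reports which files carry those bits. The sample lsattr lines and the baseline are constructed for the example. It assumes an ext2/3/4 (or other attribute-aware) filesystem and that the locking helpers run as root, since chattr +i and +a need CAP_LINUX_IMMUTABLE.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes an ext2/3/4-style
# filesystem and root for the chattr calls.

# Turn a config file to stone: still readable, but no process, root included,
# can write, rename or delete it until someone runs `chattr -i` first.
lock_config() {
    chattr +i -- "$1" && lsattr -- "$1"
}

# Append-only for logs: new lines can be added, existing ones cannot be
# rewritten or truncated.
lock_log() {
    chattr +a -- "$1" && lsattr -- "$1"
}

# Audit side: read lsattr-style lines ("<flags> <path>") on stdin and print
# each path whose flags contain the immutable (i) or append-only (a) bit.
# Feed it live output (`lsattr -R /etc 2>/dev/null | locked_files`) or a
# saved scan; lowercase i and a are the only flag letters with these meanings.
locked_files() {
    awk '
        $1 ~ /^[-a-zA-Z]+$/ && NF >= 2 {
            if (index($1, "i")) print $2 "\timmutable"
            else if (index($1, "a")) print $2 "\tappend-only"
        }'
}

# Compare a scan against a sorted baseline of paths the admin locked on
# purpose (file given as $1, scan on stdin). Anything newly locked that nobody
# remembers setting deserves a look: the attribute pins a planted file in
# place just as well as it protects a legitimate config.
audit_against_baseline() {
    locked_files | cut -f1 | LC_ALL=C sort | LC_ALL=C comm -13 -- "$1" -
}

# Constructed sample of `lsattr -R` output, standing in for a real scan.
SAMPLE_LSATTR='----i---------e------- /etc/resolv.conf
--------------e------- /etc/hosts
-----a--------e------- /var/log/auth.log
----i---------e------- /opt/app/config.yml'

# When run directly: show which sample paths are locked and how.
printf '%s\n' "$SAMPLE_LSATTR" | locked_files
```

The locking helpers are the Medusa half; the audit half is what makes the layer worth having, because an attacker who already has root can simply run `chattr -i` themselves, so the attribute is a speed bump and an audit signal rather than a hard stop. Keep the baseline file under the same protection as the configs it describes.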


For more information:

Categories: Mythology