I don’t remember where exactly I picked up this trick but it doesn’t seem to be particularly well known so I thought I would share it here. On Linux (yes Linux specifically, not BSD, Solaris etc.) there is a command called `chattr` for changing file attributes.
Some of the available attributes are rather useful, for example `a` for append only or `s` for a file to be automatically zeroed on delete. And then there is the immutable flag `i`, which is just plain evil.
It works something like this:
And the result:
You know that you are in trouble when `root` receives a `Permission denied` error.
Below is a matrix to illustrate the interaction with the traditional
||Permission denied||Permission denied|
This can be useful for hacking around applications that are `chmod` aware and too smart for their own good. By default `dhcpcd`, for example, will blindly clobber everything inside of `/etc/resolv.conf` with whatever random DNS server the router tells it, which is not cool at all. If you use `chmod` to make the file read-only, `dhcpcd` will simply reverse the permissions. It does not know about `chattr -i` though.
It is also useful against humans who do not know their system as well as you. I have heard stories of penetration testers giving Blue Team defenders a hard time with this little trick.
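For the defender's side of that story, here is an added example (not part of the original post) that filters `lsattr` output for files carrying the `i` or `a` attribute, which explains a `Permission denied` that `ls -l` does not. The function names and the sample listing are constructed for illustration, and it assumes `lsattr` was run on absolute paths.

```shell
#!/bin/sh
# Added example: report files whose attributes include immutable (i) or
# append-only (a), given `lsattr` output on stdin.

flagged_from_lsattr() {
    # An lsattr record is "<flags> <path>", where flags are letters and dashes.
    # `lsattr -R` also prints blank lines and "/dir:" headers; with absolute
    # paths those never match the flags pattern, so they are skipped.
    awk '
        NF >= 2 && $1 ~ /^[-A-Za-z]+$/ && $1 ~ /[ia]/ {
            flags = $1
            path = $0
            sub(/^[^ ]+ +/, "", path)   # drop the flags field, keep spaces in the path
            kind = ""
            if (flags ~ /i/) kind = "immutable"
            if (flags ~ /a/) kind = (kind == "" ? "append-only" : kind ",append-only")
            print kind "\t" path
        }'
}

# Constructed sample of `lsattr -R` output (not captured from a real host).
sample_lsattr() {
    cat <<'EOF'
----i---------e------- /etc/resolv.conf
--------------e------- /etc/hosts

/etc/ssl:
--------------e------- /etc/ssl/openssl.cnf
-----a--------e------- /var/log/audit/audit.log
----ia--------e------- /srv/my data/ledger.db
EOF
}

# Run against the sample; on a live system pipe in real output instead:
#   lsattr -R /etc 2>/dev/null | flagged_from_lsattr
sample_lsattr | flagged_from_lsattr
```

Uppercase attribute letters such as `A` and `I` are different flags and are deliberately not matched.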