Subject: Re: Making setuid files immutable
To: Christos Zoulas <christos@zoulas.com>
From: Eduardo E. Horvath <eeh@one-o.com>
List: tech-security
Date: 01/20/1999 09:19:31

On Tue, 19 Jan 1999, Christos Zoulas wrote:
> In article <990119181217.ZM5267@pluto.geo.Uni-Koeln.DE> wennmach@geo.Uni-Koeln.DE (Dr. Lex Wennmacher) writes:
>
> >o add a `-i' option (`i'mmutable): Set the flags specified by the flags
> >keyword.
> >
> >o add a `-m' option (`m'utable): Remove the flags specified by the flags
> > keyword. This can only be done at securelevel=0.
> >
> >o customize /etc/mtree/NetBSD.dist and/or /etc/mtree/special
>
> This has not been done... Could be a good idea. On the other hand, you might
> want to have some files that are permanently append only or immutable, so
> you might have some syntax as +flagname to specify that this does not get
> affected by -i and -m.

Have you considered just using different mtree files, say
/etc/mtree/NetBSD.secure instead of adding command line options?

=========================================================================
Eduardo Horvath eeh@one-o.com
"I need to find a pithy new quote." -- me