Subject: re: secure flags
To: None <perry@piermont.com>
From: matthew green <mrg@eterna.com.au>
List: tech-security
Date: 02/05/1999 11:43:53

Thor Lancelot Simon <tls@rek.tjls.com> writes:
> By the way, I *seriously* question the utility of using file flags to
> "secure" a system. To get any serious guarantee, every program run
> from rc (or any script it runs) while securelevel is zero must be marked
> schg; also, rc, rc.conf, etc. must be marked schg. A system set up that
> way is almost as irritating to run as a system with a read-only root fs.
>
> (Note that I in fact actually run systems which are each way, so I know
> whereof I speak.)

I agree. Frankly, I'd prefer that we forget about putting any such
hacks into the distributed system. They're a real pain in the neck for
ordinary users, and almost impossible to get "right" to provide actual
extra security for non-ordinary users.

would you please *read* this thread. it is about adding a way TO
secure an installed system, not about having the distributed system
be a PITA to change. actually, with what is being proposed, the
general idea is to make it _easy_ for the sysadmin to use these
flags in a sane manner!

i strongly support lex's proposal.