Subject: Re: verified executable kernel modification committed
To: Brett Lymn <blymn@baesystems.com.au>
From: Perry E. Metzger <perry@piermont.com>
List: current-users
Date: 10/30/2002 09:20:43
Brett Lymn <blymn@baesystems.com.au> writes:
> > It is? Can't mtree do this for us now?
>
> Indeed it can. It can also hold the md5/sha1/rmd160 fingerprint for
> the file too. Is there an mtree for pkg too?
>
> BTW, be careful about running too far down the chflag hole, as I have
> stated in other mails there are some things that cannot be covered by
> chflags - not ever.
I'm unclear on what chflags can't do. If you chflags /bin and all its
contents immutable, no one is going to be touching the contents. If
they can touch the contents, then why couldn't they alter the md5
fingerprint?
--
Perry E. Metzger perry@piermont.com