Subject: security/6548: Remove need for /etc/changelist
To: None <>
From: Rob Windsor <>
List: netbsd-bugs
Date: 12/08/1998 11:27:38
>Number:         6548
>Category:       security
>Synopsis:       /etc/changelist functionality can be integrated in mtree
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    gnats-admin (GNATS administrator)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Dec  8 09:35:00 1998
>Originator:     Rob Windsor
NosePickers Anonymous
>Release:        NetBSD-1.3.2
System: NetBSD nimh 1.3.2 NetBSD 1.3.2 (NIMH) #4: Thu Jun 4 11:28:24 CDT 1998 windsor@nimh:/usr/src/sys/arch/i386/compile/NIMH i386

	/etc/changelist is a duplicated effort of /etc/mtree/special.  It
	doesn't have to be, with a little work.
	I see three ways of doing this:
	    <a> Write a monster awk script that grovels through
		/etc/mtree/special and pulls out those files that are flagged
		with an additional flag at the end of the line.  Requires
		that mtree(1) be tweaked to allow midline comments for entries
		other than `..' or an additional keyword (such as "diffchk")
		that it recognizes but ignores.  (ugly)
	    <b> Tweak mtree(1) to spit out a list of files that have a
		particular keyword (such as "diffchk") in a format that the
		for loop in /etc/security can use to run diff against.
	    <c> Tweak mtree(1) to have another keyword and it will have the
		functionality of the tail of /etc/security (the for loop).
		This would also encourage mtree's cksum feature to be
		enhanced to provide more of a tripwire-ish function.
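
Added example, not part of the original report and not NetBSD code: an awk filter in the spirit of option <a> that produces the file list option <b> asks for, reading a nested mtree spec (directories closed by `..`). The `diffchk` keyword is the report's hypothetical marker; the function names `diffchk_paths` and `sample_spec` and the sample spec are constructed for illustration.

```shell
# Added illustration: list files carrying a marker keyword in a nested mtree spec.
# "diffchk" is the keyword proposed in the report; stock mtree does not define it.
diffchk_paths() {   # usage: diffchk_paths [keyword] < spec
    awk -v kw="${1:-diffchk}" '
    { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
    rec == "" && ($0 ~ /^#/ || $0 == "") { next }       # whole-line comment or blank
    /\\$/ { sub(/\\$/, ""); rec = rec $0 " "; next }    # join continuation lines
    {
        line = rec $0; rec = ""; n = split(line, f, /[ \t]+/)
        if (f[1] == "..") { if (depth > 0) depth--; next }      # leave directory
        if (f[1] == "/unset") { if (line ~ /[ \t]type([ \t]|$)/) deftype = ""; next }
        type = deftype; marked = 0
        for (i = 2; i <= n; i++) {
            if (f[i] ~ /^type=/) type = substr(f[i], 6)
            else if (f[i] == kw) marked = 1
        }
        if (f[1] == "/set") { deftype = type; next }            # new default type
        path = ""
        for (i = 1; i <= depth; i++) path = path "/" stack[i]
        if (f[1] != ".") path = path "/" f[1]
        if (marked && type != "dir") print path         # only non-directories are listed
        if (type == "dir" && f[1] != ".") stack[++depth] = f[1]
    }'
}

sample_spec() {     # constructed sample, not the real /etc/mtree/special
cat <<'EOF'
#	constructed sample spec
/set type=file uname=root gname=wheel
.		type=dir mode=0755
etc		type=dir mode=0755
master.passwd	mode=0600 diffchk
motd		mode=0644
mtree		type=dir mode=0755 diffchk
special		mode=0600 \
		diffchk
..	#mtree
ttys		mode=0644 diffchk
..	#etc
root		type=dir mode=0700
.rhosts		mode=0600 diffchk
..	#root
EOF
}

sample_spec | diffchk_paths
```

The output is one absolute path per line, a form that a `for` loop like the one in /etc/security can iterate over.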