Subject: Re: Making setuid files immutable
To: Manuel Bouyer <firstname.lastname@example.org>
From: Andrew Brown <email@example.com>
Date: 01/16/1999 00:53:44
>> of course...they could always move the entire directory...
>And that's enough, unless the parent directory is immutable too ...
>Anyway, I think it's good practice to make directory immutable too when
i've thought about this too. and then decided it was a little
impractical for remote administration (which is what i do most of the
time). yeah...i'll do upgrades from one version to the next over
tcp/ip, but not fiddle with immutable files. go figure. :)
it'd imply (given the following list)
>all of /bin
>all of /usr/bin
>all of /sbin
>all of /usr/sbin
>all of /usr/lib
>everything called from inetd
>everything called from the rc files
>all rc files and inetd.conf
not these directories (since their contents would all be immutable),
/ (because of /etc, /bin, /var, and /usr)
/usr (because of /usr/bin, /usr/sbin, and /usr/lib at least)
and probably also
which would basically reduce netbsd to windows nt where you have to
reboot (well, almost) to upgrade cat. yes, it's an extreme example,
but for upgrading *anything*, that's what it would do. and that's one
of the reasons i *REALLY* hate windows nt. if you upgrade cat, you
have to (heck...there you almost have to reboot if you move the
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."
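
The ancestor-directory argument in the message above, as an added example that is not part of the original post: renaming a directory means modifying its parent, so every ancestor of a protected path up to / has to be immutable as well. The function names and the sample flag table are hypothetical, and the check assumes BSD file flags (`st_flags`) are the immutability mechanism.

```python
import os
import stat

# Either bit marks an inode immutable under BSD file flags (assumed mechanism).
IMMUTABLE = stat.UF_IMMUTABLE | stat.SF_IMMUTABLE


def bsd_flags(path):
    """Return st_flags for path; 0 on platforms that have no file flags."""
    return getattr(os.lstat(path), "st_flags", 0)


def ancestors(path):
    """Yield every parent directory of path, nearest first, ending at /."""
    path = os.path.abspath(path)
    while path != "/":
        path = os.path.dirname(path)
        yield path


def rename_gaps(protected, flags_of=bsd_flags):
    """Map each mutable ancestor to the protected paths that sit below it.

    A mutable ancestor lets someone rename the next directory down and
    substitute another tree, whatever flags the files inside carry.
    """
    gaps = {}
    for target in protected:
        for parent in ancestors(target):
            if not flags_of(parent) & IMMUTABLE:
                gaps.setdefault(parent, []).append(target)
    return gaps


if __name__ == "__main__":
    # Constructed flag table: /usr is immutable, / is not.
    sample = {"/": 0, "/usr": stat.SF_IMMUTABLE}
    report = rename_gaps(["/usr/bin", "/usr/lib", "/sbin"],
                         flags_of=lambda p: sample.get(p, 0))
    for parent, targets in report.items():
        print(f"{parent} is mutable, exposing: {', '.join(targets)}")
```

Run against the real filesystem by omitting `flags_of`; an empty result means every ancestor is flagged, which is also the state the message describes as needing a reboot to upgrade anything.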