Subject: Re: Making setuid files immutable
To: Dr. Lex Wennmacher <wennmach@geo.Uni-Koeln.DE>
From: Erik E. Fair <email@example.com>
Date: 01/19/1999 11:21:14

Adding the functionality to mtree sounds like a good idea.

However, we need to think carefully before we put those flags into our
distribution files. Order of operations will be critical if we go this
route: once you set schg, you can't do anything else to that file unless
you go single-user and undo it.

We may need to have a flag or other indicator for whether to "lock-down"
the system in that way after installation, and whether the lock-down should
be default or not.

The real question here is: how often do system programs get changed in
between releases? If we make them immutable, we'll find out quickly, the
merely advising caution,